The IT Security Manager (ITSM) acts as an interface between the Executive Director of IT and IT Security strategic and process-based activities and the work of the technology-focused analysts, engineers, and administrators in the Information Technology (IT) organization. The ITSM is a leadership role that requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives.

This role and its function are part of the Information Technology shared services model. A Team Member in a shared service structure, works within a dedicated business unit (including people, processes, and technologies) that is structured as a centralized point of service and is focused on defined business functions. These units typically serve multiple business groups enterprise wide, and typically have established Service Level Agreements.

• Translates the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting.
• Coordinates the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management.
• Strategic Support:

• • Works with the Executive Director of IT and IT Security to develop a security program and security projects that address identified risks and business security requirements.
  • Manages the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing the Director of IT Security with a realistic overview of risks and threats in the enterprise environment.
  • Monitors and reports on compliance with security policies, as well as the enforcement of policies within the IT department while proposing changes to the existing policies and procedures.

• Security Liaison:

• • Provides security communication, awareness, and training for audiences, which may range from senior leaders to field staff.
  • Acts as the liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
  • Manages production issues and incidents and participates in problem and change management forums.
  • Works with the Executive Director of IT and IT Security and business stakeholders to define metrics and reports strategies that effectively communicate successes and progress of the security program.

• Architecture/Engineering Support:

• • Ensures that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
  • Researches, evaluates, designs, tests, recommends, and plans the implementation of new or updates information security hardware or software and analyzes its impact.
  • Develops and implements controls and configurations aligned with security policies and legal, regulatory and audit requirements.

• Operational Support

• • Coordinates, measures, and reports on the technical aspects of security management.
  • Manages outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  • Manages the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
  • Manages security projects and provides expert guidance on security matters for other IT projects.
  • Assist and guides the disaster recovery planning team in the selection of recovery strategies through the development, testing and maintenance of disaster recovery plans.
  • Designs, coordinates, and oversees security testing procedures to verify the security of systems, networks, and applications, and manages the remediation of identified risks.

• Hires, trains, develops, empowers, coaches, counsels, conducts performance and salary reviews, resolves problems, provides open communication vehicles, disciplines, and recommends terminations as appropriate.
• Builds a work environment that promotes teamwork, partnership, recognition, mutual respect, collaboration, performance feedback/management, and Team Member satisfaction while role modeling the company values, behaviors, and culture of One.Team.Chumash.
• Performs other duties as assigned.

• High School Diploma or GED Certificate.
• Bachelor’s Degree in Computer Science, IT security/cybersecurity, equivalent educational or work experience.
• Five years of IT experience with two years in an information security role.
• Two years of experience in a supervisory role. 
• Advanced computer proficiency utilizing Microsoft applications, e-mail, and Internet.
• Must apply for, receive, and maintain a Gaming License from the Tribal Gaming Agency.
• Native American hiring preference applies.
• Organizational Awareness: Having and using knowledge of systems, situations, procedures, and culture inside the organization to identify potential problems and opportunities; perceiving the impact and the implications of decisions on other components of the organization.
• Leadership: Achieving results through people by successful objective setting, performance review, motivation, delegation, teambuilding, commitment gains, and empowerment.
• Conceptual Thinking: Understanding a given situation or problem by combining information that is readily available; identifying patterns or connections between situations that are not obviously related; identifying key or underlying issues in complex situations.
• Problem Solving: Having the ability to identify problems and issues of varying complexities and to find effective solutions with few guidelines.
• Continuous Learning: Actively and continuously gaining insight of strengths and weaknesses in order to identify the relevant areas that need further development (with regard to skills and knowledge) and acting upon it.