Description
Information Security Manager
Bernhard’s core mission is delivering innovative engineering, construction, and energy solutions that empower our clients and promote a sustainable future. Bernhard is comprised of four divisions: Mechanical, Electrical, Engineering, and Development, each with a distinct identity and service offerings. The intersection of our capabilities enables Bernhard to provide turnkey Energy-as-a-Service (“EaaS”) solutions to our clients. At the same time, our divisions continue working in the market sectors and communities that the Company has traditionally served. Bernhard’s vision is to be the leading EaaS provider in North America through the delivery of excellent, high-value service and innovative solutions for our clients.
Purpose and Essential Duties
The Information Security Manager will serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the Information Security Manager’s role will be working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
Specific responsibilities include:
Execute a strategic, comprehensive IT risk management program targeting information security and privacy matters. Ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the organization.
Maintain the Bernhard customized information security management framework
Provide regular reporting on the current status of the information security program to organization leaders as part of a strategic enterprise risk management program.
Ensure that security programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
Assist executive leadership in establishing a cyber security culture throughout the enterprise
Oversee the approval, training and dissemination of security policies and practices, as well as compliance from all employees, contractors, and approved system users.
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of security throughout the organization.
Engage with external communities and activities to maintain good perspective on information security practices at peer organizations and the threat environment; promote and increase organizational ability to address common problems. Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Identify, report and control cyber incidents, minimize any disruption to the Bernhard network, and protect the organization’s data assets
Work directly with the business units to facilitate risk assessment and risk management processes
Work directly with business lines to develop, maintain and test disaster recovery and business continuity plans and procedures
Maintain strong working relationships with organization leadership and teams to align information security practices across the organization.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
Design and work with other team members to architect new information security infrastructure solutions
Complete customer and vendor assurance risk assessments
Oversee planning and execution of necessary vulnerability audits, penetration testing or forensic IT audits and investigations
Program manage initiatives to improve company security posture, protecting company assets, reducing security risks, and meeting customer security requirements while balancing expenses and worker productivity
Manage the Bernhard Cyber Hygiene Program and oversee employee training in all the latest security awareness skills
This position is Full-Time, Exempt and reports to the Vice President for Information Technology.
Required Education, Experience, and Qualifications
Degree in computer science, information systems, business administration or a technology-related field, or equivalent work experience.
Minimum of seven years of experience in a combination of risk management, information security and other IT jobs
Applicable information security certifications (CISSP, CISM, CISA, CRISC, GSEC, or similar)
If CISSP is not a current certification, then the selected individual must be able to obtain one within six months of being hired by Bernhard.
Extensive applied expertise in multiple disciplines, including risk assessment and auditing; security monitoring practices; the system development and engineering lifecycle; network security principles including an understanding of firewalls and security segmentation; endpoint and application security principles including understanding of access controls, vulnerability management; encryption best practices; and cloud and vendor security management principles
Policy development and administration skills
Strong analytical thinking and innovation skills
Effective verbal and written communication skills.
Travel Requirements
15% of time will be spent traveling to job site(s)/office location.
Physical/Work Environment Requirements
Prolonged periods of sitting at a desk and working on a computer.
Remaining in a stationary position, often kneeling, standing or sitting for prolonged periods.
Repeating motions that may include the wrists, hands and/or fingers.
Quiet environment.
Light work that includes adjusting and/or moving objects up to 20 pounds.
Don’t meet every single requirement? Studies have shown that diverse candidates are less likely to apply to jobs unless they meet every single qualification. At Bernhard, we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
“We are proud to be an Equal Opportunity Employer of Minorities, Women, Protected Veterans, and Individuals with Disabilities, and participate in the e-Verify program. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, age, sexual orientation, gender identity, national origin, veteran status, disability, or any other classification protected by law.”
To staffing/placement agencies: We are not responsible for any fee related to unsolicited resumes from 3rd party staffing and placement agencies (whether submitted through this website or sent directly to an employee of Bernhard LLC or its operating companies) unless a written agreement is in place between the agency and Bernhard, LLC (“Company”) and an authorized Company representative makes a written request to the agency to assist with a requisition. Similarly, no fee will be paid for candidates who apply and claim to be represented by an agency. Any unsolicited resumes, CVs, or other candidate information submitted by an agency will become the property of the Company, and no fee will be paid in the event such candidate is hired.
If you are an agency and would like to be considered for partnership with Bernhard, LLC please send your company’s information to [email protected].
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)