IT Security Manager (Hybrid)

Are you looking to join a team where "corporate values" aren't just words on the website but instead are the genuine beliefs of the team? Where the people are smart, hardworking, fun, and loving? A place where the talk is walked?


That's Kasasa! There are 4 values that define our company culture - Interdependence, Empowered Ownership, Badassitude, and Love - Together these values form THE PATCH. Elevate is the wrapper around the whole Patch reminding us to seek the "highest form" of our values.


If you feel that our company values align with your own, please apply! If you don't, we encourage you to find a company whose values do!


Our values are a living commitment to one another. It defines everything we do, including how we build products, serve our clients, plan for the future, and work together. It is our

uncompromising promise to one another, our communities, and our clients.
• Interdependence - Only team wins count. I take responsibility for my team's success. My Team is Kasasa. I hold my shield for all of us.
• Empowered Ownership - I know my goals. If they're to be, it's up to me.
• Badassitude - I am passionate about what I do because I understand why it matters. I will courageously face challenges, seeing each one as a steppingstone toward growth.
• Love - We boldly bring love to the workplace and the world.
• ELEVATE - I CREATE THE HIGHER POSSIBILITY.

ONLY THE BADASS NEED APPLY!
We're looking for much more than qualified applicants! We're looking for people who "relentlessly give a sh!t" (Or "RGAS" for short; this is a component of our Badassitude value)! e want individuals who will courageously face challenges. We don't settle for good enough. At Kasasa, we have the determination, grit, and hustle to create excellence.


Kasasa's mission is to inspire and elevate community financial institutions to be the source for love and financial wellbeing in their communities. Kasasa employees (Spartans) are passionately dedicated to this mission and lead the way - sharing our "love" with the world - through our words and actions - via community service and outreach. Expect to get involved and make an impact if you expect to be a Spartan.


As Spartans once did, we stand together and inspire others to join us in our mission. Stronger together and united by core values, we are more than a team. We are a Phalanx!


The purpose of this position description is to serve as a general summary and overview of the major duties and responsibilities of the job. It is not intended to represent the entirety of the job, nor is it intended to be all-inclusive. Therefore, the position may be required or requested to perform for Kasasa other work duties not specifically listed herein. Management reserves the right to modify, defer, or rescind this position description at any time, with or without prior notice.


Role Overview
In today's digital environment, the role of an Information Technology Security Manager is an essential position within our organization. By developing security strategies; implementing policies and procedures; executing risk assessments and penetration testing; collaborating with colleagues to mitigate known and emerging vulnerabilities and threat and by briefing senior management on the company's overall risk management posture, our Information Technology Security Manager plays a vital role in protecting our organization against cyber-attacks that threaten the integrity of our data, networks and information technology assets. This job description outlines the responsibilities and qualifications required for the position.


ESSENTIAL FUNCTIONS (Responsibilities)

• Infuse the Patch Values into your work ethic, every day and every interaction.
• Develop and implement the organization's security strategies, policies, procedures, and remediation efforts.
• Provide guidance, training, and support to ensure the effective execution of security initiatives.
• Conduct regular risk assessments and vulnerability tests to identify potential security threats and develop action plans to mitigate them.
• Monitor and analyze security incidents, investigating any breaches or security incidents and implementing corrective actions as necessary. Establish client facing communication protocols.
• Stay up to date with the latest industry trends, threats, and technologies to ensure that the organization's cybersecurity measures are current and effective.
• Collaborate with other departments to ensure that security requirements are integrated into the design, implementation and deployment of new systems, technologies, network and devices.
• Develop and implement security awareness programs to educate employees about security best practices and promote a culture of security within the organization.
• Manage relationships with external vendors and partners to ensure that security controls are effectively implemented and maintained.
• Ensure compliance with relevant regulatory requirements and industry standards, such as state data privacy laws, regulations, and requirements.
• Prepare and present regular reports to senior management on the organization's IT security posture, including insights, recommendations, and metrics. Annual Board reporting.
• Other duties as assigned.

POSITION REQUIREMENTS (Qualifications)

• 6+ years of IT security / cybersecurity experience.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity or a related field.
• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), Offensive Security Certified Professional (OSCP), or CISA (Certified Information Systems Auditor) are highly desirable.
• Proven experience in an IT security role, with a track record of successfully implementing and managing IT security programs.
• Familiarity and experience with security controls for cloud-based infrastructure such as Amazon Web Services (AWS).
• Hands on experience with anti-phishing; anti-malware; remote device monitoring; threat
• intelligence; patch management software, tools, and controls.
• Strong knowledge of relevant regulations and standards, such as data privacy and protection laws.
• Experience with risk management methodologies and frameworks. Preferred: NIST framework.
• Prior experience working with external auditors.
• Familiarity with project management principles and practices.
• Excellent written and verbal communication skills. Strong collaboration skills.
• Strong attention to detail and the ability to prioritize and manage multiple tasks simultaneously.

PHYSICAL REQUIREMENTS
• Sitting for extended periods of time; approximately 5-6 hours per day
• Simultaneous use of hand, wrist and fingers
• Daily operation of standard office equipment
• Frequent use of oral communication to perform work
• Lifts and moves 7-10 pounds occasionally


Are you ready to join an amazing group of people who genuinely love their jobs in an environment that inspires greatness?
We are committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, ancestry, national origin, citizenship status, gender, gender identity, pregnancy, sexual orientation, transgender status, marital status, religion, creed, age, physical or mental disability, results of genetic testing, genetic information, past, present or prospective service in the military, or any other characteristic or activity protected by federal, state, or local law.