IT Information Tech - IT Security Manager II ( 100% Remote) - WindStream Communications
Saint Paul, MN
About the Job
Windstream Holdings, Inc., is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the U.S.
+ Kinetic is a premier internet solutions provider on a mission to deliver ultra-fast, reliable internet to consumers and small businesses across the U.S., helping them Internet better™.
+ Windstream Enterprise is a leading managed services provider providing strategic communications and security products to mid-size businesses and enterprise clients.
+ Windstream Wholesale provides high-capacity, high-performance networking solutions and services to other telecom carriers, data centers, content providers and enterprises.
The Windstream team provides innovative software and network solutions to connect people and empower business in a world of infinite possibilities!
_________________________________________________________
Job Overview:
Windstream is seeking a seasoned Information Security Governance, Risk, and Compliance Manager to join our dynamic Information Security Team. In this pivotal role, you will be instrumental in shaping and enforcing our security policies, managing vendor-related risks, enhancing cybersecurity awareness, and ensuring our compliance with key security standards.
Key Responsibilities:
1. Policy Development and Implementation:
   1. Assist in developing and implementing policies, procedures, and controls to ensure compliance with laws, regulations, and industry standards.
   2. Enforce security policies and procedures by administering and monitoring security, investigating security exceptions, and maintaining security controls documentation.
2. Risk Management:
   1. Identify and assess risks associated with third-party vendor relationships.
   2. Maintain, track, and report on third-party risks to appropriate stakeholders.
   3. Review third-party contracts to ensure proper cybersecurity measures are in place.
   4. Measure and evaluate cybersecurity risks through the creation and continuous maintenance of the Cybersecurity Risk Register.
   5. Perform initial and periodic information security risk assessments, mitigation, and remediation.
3. Cybersecurity Awareness:
   1. Develop and maintain a security awareness program to ensure employees act securely, reducing organizational risk.
   2. Maintain records of data assets and technical data classification standards.
   3. Maintain a data security incident management plan to ensure timely incident remediation.
4. Audit Coordination:
   1. Coordinate IT activities with internal auditors and external assessors, including the selection of external assessors.
   2. Prepare reports, business cases, and presentations on security risk, controls, and the status of compliance efforts.
5. Project Leadership:
   1. Drive high-profile and high-impact projects solving complex challenges.
   2. Lead and sponsor projects relating to cybersecurity, ensuring timely and within-budget delivery.
   3. Demonstrate the ability to lead teams in successfully implementing new technologies and services.
6. Vendor and Technology Management:
   1. Maintain and foster key relationships with software vendors and providers.
   2. Hold vendors accountable for responses, troubleshooting, and solution fixes.
   3. Stay abreast of technological advances and continuously research better ways to accomplish tasks and integrate new cybersecurity technologies.
   4. Provide advice on innovative security tools that may offer cost savings, reduce complexity, better meet compliance, or benefit the company.
7. Performance Metrics:
   1. Define and report against critical metrics and key performance indicators (KPIs).
   2. Identify gaps and enhance processes and technology to better align with industry standards and best practices.
Qualifications:
+ Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
+ One or more of the following certifications are a plus: CISSP, CISM, CISA, GIAC, PMP.
+ Familiarity with security industry standards including NIST CSF, NIST Privacy, NIST 800-53, and PCI DSS, with experience working with at least one of these frameworks.
+ Experience in business risk analysis and mitigation.
+ Proven experience in the design, delivery, and management of enterprise-level security programs and technologies.
+ Experience with GRC platforms/tools and third-party risk assessment tools.
+ Strong knowledge of data privacy regulations and guidelines is a plus.
+ Excellent analytical and problem-solving abilities.
+ Effective communication and interpersonal skills, with the ability to collaborate across departments.
+ Proven presentation and facilitation skills.
Actual base pay for this job will depend on the candidate's primary work location and other factors, such as relevant skills and experience. The starting compensation range for this job is $108,100 to $147,500.
Physical Tasks - Standing: Occasionally: 0-33% | Walking: Occasionally: 0-33% | Sitting: Continuously: 67-100% | Bending: Occasionally: 0-33% | Crouching: Occasionally: 0-33% | Pushing-Pulling: Occasionally: 0-33% | Carrying: Occasionally: 0-33% | Reaching Above Head: Occasionally: 0-33% | Lifting-Lowering >1-15 lbs: Occasionally: 0-33% | Repetitive Hand Action: Medium Dexterity: Continuously: 67-100% | Fine Manipulating: Frequently: 34-66%
Audio Visual Needs - Hearing: Continuously: 67-100% | Near Vision: Continuously: 67-100% | Far Vision: Occasionally: 0-33% | Peripheral Vision: Occasionally: 0-33%
Equipment Used in Job Performance: Computer, Printer, Telephone, Basic Office Supplies, Copier
_________________________________________________________
Our Benefits:
+ Medical, Dental, Vision Insurance Plans
+ 401K Plan
+ Health & Flexible Savings Account
+ Life and AD&D, Spousal Life, Child Life Insurance Plans
+ Educational Assistance Plan
+ Identity Theft, Legal, Auto & Home and Pet Insurance
+ https://windstreambenefits.com
Windstream CIB Statement:
Connecting people in a world of infinite possibilities. Windstream cultivates a workplace culture where innovation and belonging are the cornerstones of our success. We are dedicated to empowering every member of our team to contribute their unique talents and perspectives, fostering an environment where creativity and innovation flourish. Together, we strive to build a more welcoming and connected future, both within our organization and in the broader community we serve.
Our Employee Resource Groups:
+ WinVets – Veteran Employee Resource Group
+ WOW – Women Employee Resource Group
+ WINPRIDE – LGBTQ+ Employee Resource Group
+ WBPN – Black Professional Resource Group
+ WARG – Ability Resource Group
+ LaFamilia – Hispanic Resource Group
+ AAPI – Asian American Pacific Islander Resource Group
Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, genetic information, protected veteran status, current military status, disability, sexual orientation, gender identity, marital status, creed, citizenship status, or any other status protected by law, and to give full consideration to qualified disabled individuals and protected veterans. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.
Notice to Non-U.S. Citizens: Windstream, as a holder of licenses granted by the Federal Communications Commission, is required to notify and to obtain approval from federal regulatory agencies prior to granting certain system/network access to any non-U.S. citizen personnel. Offers of employment extended to non-U.S. citizens are contingent upon receiving the requisite approval from agencies overseeing compliance. Non-U.S. citizens are required to provide Windstream with the personal identifying information required to obtain the necessary approval prior to accessing certain systems and/or Windstream’s network. _If you are not a U.S. citizen, please notify your recruiter or email CORP.HRlegal@windstream.com as soon as possible for information on Windstream’s foreign personnel disclosure and approval requirements._
Job Details
Job Family IT
Job Function Data Security
Pay Type Salary
Source : WindStream Communications