QTS Manager, Information Security Risk Management in Suwanee, Georgia
The IT world is evolving. New technologies. New trends. New opportunities. There’s true excitement surrounding the future. That’s where QTS comes in. We’re fearlessly leading the way by redefining what it means to be a data center. We innovate next-generation cloud and hybrid solutions. We deliver a fully-integrated I.T. platform from top to bottom – one enabled by technology and world-class infrastructure. Simply put, we’re defining the curve.
As one of the nation’s largest and fastest growing data center companies, we help manage and protect critical data during a time of unprecedented change. The power of QTS' innovation happens when smart, creative people with a unified vision collaborate to break new ground, solve new problems, and create new solutions to improve lives.
We are powered by our people.
At QTS, we know where IT is going. And we’d like to invite you to join us.
The Manager, Information Security Risk Management (ISRM), reporting to the QTS Chief Information Security Officer (CISO), will lead a team of Security Analysts in the design, support, and execution of the QTS information security risk management program. The ISRM Manager will work directly with QTS business units to identify and manage information security risk for both QTS and its customers. The ISRM Manager will supervise the daily execution of information security and compliance controls including monitoring, vulnerability scanning, analysis, reporting, abuse management, and incident response. The role will serve QTS and its customers in a consultative capacity as an information security and risk subject matter expert providing advice and guidance on information security risks and appropriate risk mitigation options. Candidates must have proven experience in leading information security teams. Strong technical leadership, coaching, time management, and organizational skills are required for success in this position.
Lead the QTS Vulnerability Management program, including the vulnerability scanning system architecture, implementation, reporting, and remediation prioritization & recommendations.
Manage vendors and service providers of solutions/tools used by the QTS information security risk management team.
Lead the organization, execution, verification, reporting, and evidence archival of User Access Certification campaigns.
Manage the QTS vulnerability notification program to collect, assess and publish a weekly internal notification to all QTS technical lines of business for vendor vulnerability disclosures and notifications.
Manage the team’s daily review and analysis of audit reports & security events for information security incidents and indicators of compromise.
Lead the continuous monitoring and vulnerability scanning programs for the QTS Government Cloud FedRAMP compliant environments.
Establish and implement metrics and key performance indicators measuring the performance of the QTS information security & risk management program.
Present ongoing status and performance of the QTS information security & risk management program to the QTS CISO and executive staff.
Manage the design and implementation of QTS processes & workflows to ensure internal security controls are appropriate and functioning as intended to meet security and compliance requirements.
Manage the QTS information security incident response program.
Manage ongoing corporate information security risk assessments and business impact analyses.
Coordinate the security risk assessment portion of the QTS third-party IT risk program.
Manage the development, publication and maintenance of QTS Information Security policies, procedures, standards and specifications.
Support corporate and client-facing audit engagements to ensure QTS adherence to applicable standards and compliance initiatives (e.g. FISMA, FedRAMP, PCI DSS, SOC 1 & SOC 2, HITRUST, and others).
Work with other QTS groups in the design, review, implementation, and support of information security solutions to manage QTS information security risk.
Work with the Learning and Development team to develop and maintain the QTS security awareness training program and provide guidance on role-based information security training requirements.
Bachelor’s degree in Information Security, Computer Science, Engineering or related field.
10 or more years of experience in Information Security and Risk Management.
5 or more years of experience managing information security compliance programs such as PCI DSS, FedRAMP, or SOC 2.
Experience in a technical leadership role with direct supervisory responsibilities.
Experience with enterprise IT risk assessment and risk management practices.
Experience with the implementation and management of common information security & risk management frameworks such as NIST 800-53, PCI-DSS, HITRUST, NIST CSF, ISO27K, ISO31K.
Experience in the implementation and management of a risk-based information security program for a growing mid-sized enterprise.
Ability to travel up to 25%.
Master’s degree in Information Security, Computer Science, Engineering or related field.
Security career certification (e.g. CISSP, CISA, CISM, CRISC).
Experience in the Managed Services, Managed Security Services, or Data Center/Cloud Services Provider industry.
Experience with GRC solutions.
Basic scripting/programming capabilities.
KNOWLEDGE, SKILLS AND ABILITIES
A strong and growing passion for managing the ever-increasing information security risks in a highly technical data center and cloud services organization.
Strong leadership, influencing, and mentoring skills necessary to build and maintain business relationships with employees across all levels of the organization, vendors, and clients.
External Company Name: Quality Technology Services, LLC.
External Company URL: www.qtsdatacenters.com