Information Systems Security Manager

Job Title: Information Systems Security Manager

Job Location: Remote

Department: Information Technology

Supervisor: Glen Armes

About Old Republic:

Old Republic International Corporation traces its beginnings back to 1923. Old Republic is one of America’s 50 largest shareholder-owned insurance businesses and currently ranks among the Fortune 500 list of the Nation’s biggest companies. Old Republic is primarily a commercial lines underwriter serving the insurance needs of a large number of organizations, including many of America’s leading industrial and financial services institutions.

Located on Michigan Avenue, in the heart of downtown Chicago (“The Loop”), the Old Republic Building (Headquarters) is close to several public transportation lines and parking locations. We are located at 307 N Michigan Avenue, Chicago, IL. This is a remote position.

Job Summary:

The Information Systems Security Manager is responsible for overseeing the security of the company's shared services information systems, ensuring that all data is protected against cyber threats. This role combines hands-on technical activities with leadership responsibilities, managing a team of security professionals to safeguard our IT infrastructure.

Your responsibilities:

• Understand the organization's mission, objectives, and activities to align security measures with business needs.
• Ensure that organizational activities, like managing IT and security operations, align with policies and strategic objectives.
• Identify, evaluates, and mitigates risks that could impact the organization. This includes analyzing potential risk scenarios, assessing their impact, and developing strategies to manage or mitigate risks.
• Maintain an inventory of information systems and their security measures.
• Prepare reports and maintain detailed records on governance, risk management, and compliance activities.
• Work closely with different departments and subsidiaries ensuring a coherent approach across the organization.
• Implement and manage access control policies, procedures, and technologies.
• Ensure data protection through encryption, masking, and other techniques.
• Oversee and govern the performance of regular system maintenance and updates to ensure security controls are effective.
• Deploy and manage security technologies and tools to protect the organization’s infrastructure.
• Monitor for security events and anomalies, analyzing logs and alerts to detect potential threats.
• Implement and maintain continuous monitoring systems to detect, analyze, and respond to security incidents.
• Develop and refine detection processes, ensuring they are effective and up to date.
• Coordinated develop and maintenance of incident response plans with ORI Corporate Security and customers.
• Coordinate communications during and after security incidents with stakeholders.
• Perform analysis of security incidents to determine root causes and impacts.
• Implement strategies to mitigate the effects of security incidents and prevent future occurrences.
• Use lessons learned from incidents and events to improve response strategies and security measures.
• Develop and implement recovery plans to restore normal operations after a security incident.
• Continuously improve recovery strategies based on lessons learned from past incidents and best practice.
• Manage communications with stakeholders during the recovery process.
• Constantly monitor threats to the organization, network, and system activities to identify potential threats as well as aid SOCs to detect, analyze, and respond to security threats and incidents.
• Manage and optimize enterprise security platforms such as security information and event management (SIEM), endpoint detection and response (EDR), dark web monitoring, identity single sign-on (SSO), zero trust technologies, multi-factor authentication (MFA), enterprise password vault, firewall rules, etc.
• Prepare detailed reports on security incidents, threats, and overall security posture. Documents processes, incidents, and lessons learned.
• Ensure systems and processes comply with relevant security policies, standards, and regulatory requirements. Assists in internal and external GRC audit activities.
• Work closely with IT and other departments to implement security measures, share intelligence, and develop a cohesive security strategy.
• Stay updated with the latest security trends and technologies, and continuously seeks to improve the organization's security posture.
• Manage direct report employees that are a part of the security team.
• Travel up to 15%.

Your experience:

• Minimum 5+ years’ experience in IT Security.
• Strong knowledge of ISO 27001/27001 framework, industry standards, and best practices.
• Experience assessing and mitigating complex risks.
• Strong problem solving and analytical skills and ability to identify root cause.
• Excellent research and communication skills.
• Strong experience with security tools such as SIEM, EDR, SSO and MFA.
• Strong vulnerability management ability.
• Familiarity with network protocols, architectures, and devices.
• Familiarity with cyber threats, attack vectors, and mitigation strategies.
• Experience leading or participating cyber incident response activities.
• Familiarity with identity governance and administration.
• Ability to work effectively independently or collaboratively in a team environment.

Old Republic International (ORI) is an Equal Opportunity Employer. ORI provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.