Information Security Manager

Company: NVR, Inc.
Location: Reston
Posted on: June 12, 2021

Job Description:

NVR has been helping families build their happily ever after since 1948. As a Top 5 US homebuilder, we're committed to quality and to our customers and we take pride in the nearly 500,000 new homes we have sold and built across the country. Working in the homebuilding industry is tangible and rewarding, but not every job at NVR requires a hard hat. We don't just sell and build new homes; we also manage teams, acquire land, manufacture materials, provide mortgages to our customers, and provide corporate support to NVR's multi-billion dollar business operations.

At NVR, the Information Security Manager (ISM) is a critical member of the Chief Information Security Officer's (CISO's) team. In this role, you will act as an interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers, and administrators in the IT organization. You'll serve the critical role of translating the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as developing metrics for ongoing performance measurement and reporting. You will coordinate the IT organization's technical activities to implement and manage security infrastructure, and to provide regular status and service-level reports to management.

This leadership role requires an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities and plans with key business objectives. You will act as an empowered representative of the CISO during IT architectural review and other governance processes to ensure that security measures are incorporated and that service expectations are clearly defined. The ISM is also responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility, and performance.

Primary Responsibilities

Security Operations

• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about risk mitigation.
• Manage security related production issues and incidents, and participate in the IT change management board.
• Manage a staff of information security professionals. Hire and train new staff, conducting performance coaching and developing personal development programs for team members.
• Coordinate responses to third parties' security evaluations and audits.

Security Architecture and Design

• Work with the enterprise architecture team to ensure that security requirements are properly incorporated into new IT solutions and design changes to existing systems.
• Provide expert guidance on security matters for other IT projects, as needed.
• Research, and recommend new or updated information security solutions, analyzing impacts to the existing environment.

Security Engineering and Compliance

• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Provide technical and managerial expertise for the administration of security tools.
• Maintain up-to-date documentation on the compliance with security frameworks and including identified gaps and residual risks.
• Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Manage implementation of any information security-led projects.

Required Qualifications

• 7+ years of IT experience, serving at least 5 years in an information security role and 2+ years in a supervisory capacity.
• A bachelor's degree in information systems or equivalent work experience.
• Security-related industry certifications (e.g., CISA, CISSP, GSEC).
• Strong leadership skills and demonstrated ability to work effectively with business leaders, IT management teams, and IT staff.
• Excellent verbal, written and interpersonal communication skills
• Experience developing and maintaining policies, procedures, standards and guidelines.
• Experience with common information security management frameworks, such as CIS Top 20 controls and Cybersecurity Framework.
• Proficiency performing risk, business impact, control and vulnerability assessments, defining treatment strategies, and managing projects.
• Knowledge of and experience in developing, documenting and reviewing security architecture and plans, including strategic, technical and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• A strong understanding of Cloud security, operating system internals, and network protocols.

Preferred Qualifications

*

• M.S. in Information Security.
• Familiarity with security assessments, incident response activities and working in environments subject to regulations (e.g., SOX, Data Privacy) and audit oversight.
• Experience in application technology security controls and testing (white box, black box and code review).
• Experience in system technology security testing (vulnerability scanning and penetration testing).

Life at NVR

At NVR, your desire to excel is matched by our commitment to your success and we'll give you the tools and industry knowledge you need. Our management team is tenured and talented, nearly 80% of them promoted from within, so you'll find mentors who can share their knowledge, provide career guidance and encourage your success.

NVR also offers benefits among the best in the industry that reflect the strong commitment we have to all of our employees.

• Competitive Compensation
• Home Purchase Discount
• Mortgage and Settlement Services Discounts
• Comprehensive Health, Life and Disability Insurance
• 401(k) (Full-time employees are eligible to contribute immediately)
• Employee Stock Ownership Program
• Vacation and Holidays

In addition to the traditional benefits, we offer all our employees stock ownership through a profit sharing trust as part of our retirement savings package. NVR has had the highest Earnings Per Share growth rate in the homebuilding industry for the past 10 years, so as we grow financially, so do you.

We are an Equal Opportunity Employer.

Drug Testing and Credit Check are required.

Applicants must be legally entitled to work in the United States, as NVR does not provide visa sponsorships.

Keywords: NVR, Inc., Reston , Information Security Manager, Other , Reston, Virginia