Rockler Companies, Inc.
  • Corporate Office
  • Medina, MN, USA
  • Based on Experience
  • Salary
  • Full Time

Competitive benefits offered!


Come work for an industry leader! Rockler Companies, Inc. is a growing national retail, direct mail and publishing organization with retail stores across the U.S. We're committed to attracting and employing the best people by offering competitive salaries and benefits, a diverse work environment, and challenging growth opportunities. Learn more about our company at www.rockler.com!

The Information Systems Security Manager is responsible for the development, implementation, and maintenance of Rockler's information security infrastructure. Participates in on-going IT and business operational activities that serve to establish appropriate protection, confidentiality, integrity and availability of Enterprise Systems and data through effective security controls. Validates compliance of policies, standards and plans that keep Rockler's applications safe and secure from cyberattacks and breaches.


Marjor Areas of Accountability:


    • Provides timely and effective operational support for Rockler's information security tools, processes, and practices. Partners with other support teams and vendors to resolve problems or implement new products or services. Uses standard technology security tools to monitor assigned environment and/or technical assets and identify/detect behavior outside of established standards. Escalates key security issues to the appropriate team to be addressed
    • Facilitates annual security assurance test activities against all controls.
    • Monitors compliance with information security policies and practices and any applicable laws. Assists with internal and external security assessments, risk analysis, and application or system-level vulnerability testing and reviews. Leads the assessment of compliance with security regulations such as HIPAA, PCI and GDPR.
    • Monitors and documents vendor compliance with system access requirements.
    • Researches and develops continuous improvements of security policies, procedures, and standards and processes based on compliance requirements and industry best practices. Documents Rockler's information security requirements, processes, and procedures. Enforces information security policies and procedures by reviewing security violation reports, investigating possible security exceptions, and documenting security controls.
    • Prepares status reports on information security matters that are used for a variety of purposes - tracking and monitoring security breaches, forensic investigative activities, remediation plan management and risk management and compliance reporting. Effectively manages and prioritize ad-hoc reporting request, scorecards, and standard department reporting. Coordinate with computer operations team and external auditors to provide documentation of compliance assessments, support, and remediation activities.
    • Reviews, analyzes, and responds to security events triggered through automated security monitoring system and Security Operation Center. Validates and tracks security breaches, along with threats to the firm's logical and physical information, while still allowing for appropriate access. Coordinates responses to information security incidents.
    • Works to reduce information security risks by effectively administering the information security processes across monthly vulnerability scanning, annual penetration testing, anomaly detection, intrusion detection, security policy and forensic functions.
    • Maintains and develops knowledge of regulatory security trends, new security technologies and best practices as it relates to NIST CSF security framework. Conducts security and industry specific research to keep self and the company abreast of the latest security issues and regulatory developments that may impact existing policies, procedures, and practices. Participates in information security education, training and awareness activities for technology and business teams.
    • Enhances information results by constantly re-evaluating and defining new cost-effective solutions in delivering and supporting information systems.
    • Manages Company End-user Security Awareness program. Develops security curriculum for employee orientation, annual training, and monthly security topics.
    • Develops and maintains security incident response plan. Performs annual test of plan in confirming its accuracy.
    • Hosts weekly meetings with IT Managers to review security project activities.
    • Provides Level 4 technical support during normal and non-business hours for computer operations and third-party service providers on security related issues.
    • Defines appropriate production turnover controls for computer operations team to monitor in verifying the system's security state.
    • Ensures all production transfers are communicated and approved by IT Managers and Director of IT.
    • Annually completes company PCI Self-Assessment Questionnaire with assistance from IT team.
    • Works with Director of IT to develop a strategic plan that is aligned with company goals.
    • Assists in the preparation of Information Technology's annual IT budget and develops expense controls that ensure the budget's adherence. Consults with department heads to determine their technology needs and budgets.
    • Attendance is an essential function of this position, and we rely on all our employees to be at work during their scheduled shift.

QUALIFICATIONS:

    • Undergraduate degree in Information Security, Computer Science, or related technical field; or equivalent work experience 5+ years in similar capacity.
    • Certified in one or more of CISSP, CISM, or NIST CSF.
    • Experience in multi-channel retailing and/or supply change management a plus.
    • Displays a high degree of motivation, dedication, and team orientation.
    • Capable of managing multiple projects with a supporting staff and regularly meets all deadlines. Demonstrates willingness to go beyond the normal call of duty.
    • Excellent verbal/written communication skills with strong customer focus.
    • Adept process management, project management, problem solving, negotiation, and conflict resolution skills.
    • Microsoft platform experience required (SQL Server, Windows Servers, Terminal Server, Active Directory, O365, SharePoint, Office, etc.)
    • Cloud computing experience in outsourcing applications and datacenter functions required.
    • Displays high level of attention to detail specifically as it relates to security, system availability, and technical support service level agreements.
    • Fully understands the value of providing the highest standard of customer service.
    • Innovative thinker with a unique ability to get to the root cause of the problem and execute a workable solution who is always looking for value-added results by leveraging technology.

The Benefits and Perks:

  • Competitive pay based on experience
  • We offer competitive Health, Dental and Vision benefits for those eligible.
  • Life insurance - Employer paid basic Life Insurance, with the option to add Voluntary Life Insurance if desired.
  • 401(k) Profit Sharing Plan along with company match!
  • Paid Vacation, Sick and Float days
  • Excellent Employee Discount
  • Employee Assistance Program
  • And much more!

Rockler Companies is an Equal Opportunity Employer Committed to Inclusion and Diversity!

Rockler Companies, Inc.
  • Apply Now

  • * Fields Are Required

    What is your full name?

    How can we contact you?

  • Sign Up For Job Alerts!

  • Follow Jobs:
  • Follow Our Jobs On Facebook
  • Share This Page
  • Facebook Twitter LinkedIn Email
.
logo Help Order Status My Account Hardware Workshop Finishing Wood Power Tools Hand Tools Sale Learn Store Locator Home Careers