Share this Job

Information Security Manager

Date: May 4, 2022

Location: Portland, OR, United States

Company: Oregon Tool

As part of our ongoing commitment to providing a safe and healthy work environment for all our Team Members, Oregon Tool is requiring that all new hires have started their vaccination process or are already fully vaccinated against COVID-19 prior to their first day of work. 

At Oregon Tool, it is our goal to create, cultivate and sustain a global, inclusive culture, where differences drive innovative solutions to meet the needs of our employees and customers. Oregon Tool invites and encourages applications from all skilled individuals, including from groups that are traditionally underrepresented, not just because it’s the right thing to do, but because it makes our company #SharperTogether. 

The Information Security Manager (ISM) is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. This position includes assessing and managing the information security environment, implementing new technologies, and serving as a communication liaison with the senior leadership team and department managers in the organization.  The ISM will proactively work with business units to implement practices that meet defined policies and standards for information security. This position will also oversee a variety of IT-related risk management activities.



Location:        Portland


Reports to:     Director IT Infrastructure, Operations & Security



Primary Duties and Responsibilities, other duties maybe assigned as business needs determine:


  • Primary Task (40%) – Strategic Support and Management
    • Create and manage security strategies, technology and capability roadmap, policies, and processes
    • Continuous assessment of current technology architecture for vulnerabilities, weaknesses and for possible upgrades or improvements
    • Oversee information security audits performed internally by the organization or third-party personnel
    • Manage security Team Members and all other information security personnel
    • Serve as a focal point of contact for the information security team and the customer or organization
    • Communicate information security goals and new programs effectively to gain alignment with Senior Leadership team
  • Second Task (30%) – Operational Support
    • Manage Team Member cybersecurity awareness training program
    • Coordinate measure and report on the technical aspects of security management
    • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements
    • Manage and coordinate operational components of incident management, including detection, response and reporting
    • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
    • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements
    • Design, coordinate and oversee security-testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified vulnerabilities.
  • Third Task (30%) – Security Liaison/Architecture Support
    • Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required
    • Liaise with external agencies as necessary, to ensure that the organization maintains a strong security posture
    • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
    • Assess security impact of technology upgrades, improvements, and other major changes to the information security environment
    • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
    • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
    • Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements


  • Communication and Documentation
    • Maintain open communication through conversation and both formal and informal documents


Education: High school diploma required

  • A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred
  • One or more Information Security Certifications (i.e. CISSP, CISA, CISM, CBCP, or GIAC)


Knowledge & Experience:

  • A minimum of seven years of IT experience, with five years in an information security role and at least two years in a supervisory capacity
  • Knowledge and understanding of relevant legal and regulatory requirements, such as National Information Assurance Policy, Cloud Security Policy, etc.
  • A strong understanding of the business impact of security tools, technologies and policies


  • Managerial leadership, analytical skills, and high-level problem-solving skills that allow for effective and efficient resolution to many complex information security issues
  • Able to complete responsibilities in a timely, professional, and quality manner
  • Project management skills: financial/budget management, scheduling and resource management
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. Effective written and oral communication skills; able to express oneself clearly and in technical and non-technical terms
  • Creative thinker
  • Collaborative and effective team player and able to work with teams who are globally dispersed
  • Set a good example of personal integrity
  • Demonstrate ability and willingness to learn; seek out development activities to improve skills and increase knowledge; learn from other team members and own mistakes
  • Take initiative, seek and act on opportunities to improve organization performance
  • Ability to translate specific goals into action and follow through to achieve goals
  • Proficiency in Microsoft Office suite (Outlook, Word, Excel) and data management software (SAP preferred)



  • Available to work on site as required by job; eligible for domestic and international travel several times per year up to two weeks’ duration.


Featured Benefits:  

  • Medical, Dental, and Vision Benefits available on day one (no waiting period)  

  • One paid Community Involvement Day available per calendar year  

  • Tuition reimbursement  

  • Earn up to 120 hours vacation during your first year of service

  • Global company with small company feel  

  • Casual work attire  

  • Onsite Fitness center 

  • Public Transit access 

  • $100 Amazon Gift Card for COVID-19 vaccinated team members 

  • 401k matching (100% of first 3%, 50% of next 3% = 4.5% match on 6% contribution)  

  • Summer hours 

About Oregon Tool   

At Oregon Tool, we are a passionate group of people dedicated to a spirit of innovation and outside the box thinking to create the world’s most efficient cutting tools and products. We believe in inspiring, listening, learning, and rolling up our sleeves to “get to work” together. Our purpose goes beyond the products we make. We are devoted to positively impacting people, communities, and landscapes around the world. We are committed to building and maintaining a diverse and inclusive work environment and implementing sustainable practices to help reverse the impacts of the global climate crisis. We are built on a pioneering spirit and believe in leading with humility, global stewardship, and owning it day in and day out. We know what it takes to get the job done, and we know our people is the way it happens.  

Come grow with us and help us be #SharperTogether   

At Oregon Tool it is our responsibility to help maintain the health and safety of our team members and the communities we operate within. We’re taking a people first approach to the COVID-19 pandemic, and by following best practice guidelines we’re in the process of thoughtfully operating each of our locations.  

Oregon Tool will only employ those who are legally authorized to work. Any offer of employment is contingent on the successful completion of a background investigation and drug screen. It is the policy of Oregon Tool to provide equal employment to all qualified persons without discrimination based on sex, race, color, religion, age, marital status, national origin, citizenship, disability, veteran status or any other status protected under law.  

During the application process we will not ask for or collect any confidential, proprietary or sensitive personally identifiable information (e.g., date of birth; driver’s license number; or credit card, bank account or other financial information) (collectively, “Sensitive Information”). If you submit any Sensitive Information, you do so at your own risk, and we will not be liable to you or responsible for consequences of your submission. This notice should not be construed as an offer of employment or creating any terms of employment.