- Works closely with IT infrastructure to ensure security product solutions are deployed, and assesses and rolls up the metrics from the various analysis tools. Manages overall compliance functions and ensures internal audits are done on a timely basis to validate the various security controls in place.
- Completely independent. Serves as technical lead for design and delivery for medium-to-large cross-regional and/or cross-continent projects and may assist with assigning day-to-day responsibilities. Expected to own and implement continuous improvement initiatives within department. Manages vendors as needed.
- Possess an understanding of information security management principles and practices and serve as the subject matter expert for IT security, information security, and cybersecurity matters.
- Interactions with a variety of audiences, including C-Suite Executives, are ongoing, therefore, demonstrating a proactive mindset to IT Security is essential in this role.
- Plans security systems by evaluating network and security technologies; developing requirements for LANS, WANS, VPNs, routers, firewalls, and related security and network devices
- Identifies and recommends opportunities to improve information security on mobile devices through software (MDM/EMM) and education.
- Researches and evaluates security technologies and related products.
- Oversees various audits (internal and external) for SOC 1 Type II and ISO 27001:2013, and capable of planning and executing (with team support from auditors) internal audits for key vulnerability areas.
- Interfaces with user community to understand security needs and implements procedures to accommodate them. Ensures that user community understands and adheres to necessary procedures to maintain security.
- Explores and recommends opportunities for Privacy and Security education and collaboration, particularly in key areas such as phishing.
- Maintains and improves information security and assurance through innovation and research, keeping track of the threat matrix and its application to the corporate profile.
- Assists with formalizing an Information Security Management System (ISMS) tracking all security incidents with remediation status maintained.
- Implements periodic security assessments/audits partnering with internal or external organizations to cover: information security, infrastructure penetration tests, ethical hacking, process security assessment
- Assists with security and operational audits with clients; regulatory agencies; and industry leading security vendors
- Conducts data classification assessment, security audits, and manage remediation plans.
- Collaborates with IT management, Network Security, the legal department, and Internal Audit to manage security vulnerabilities.
- Participates in the evaluation of vendor proposals, conduct process analysis, reviews information security architectures and recommend modifications to the information security operation to reduce costs or improve service
- Conducts security risk assessments for technology changes as part of change management process and for technology projects as part of PMO methodology.
- Assists with enterprise-wide risk assessment processes on a yearly basis as part of company risk management standard, under the guidance of the Information Security Officer.
- Proactively identifies gaps and/or conflicts in existing security processes and work to develop solutions.
- Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and identify regulatory changes that will affect information security policy, standards and procedures, and recommend appropriate changes
- Performs other responsibilities as assigned, including overnight and international travel.
- Minimum of 3-5 years of working experience in IT security, with experience in use and adherence to a standards based security framework like ISO 27001:2013.
- Minimum of 3-5 years of experience with:
- ISO 27001:2013; Cyber Security; Risk Assessment/Mitigation; VPN/LAN/WAN/Intranet including endpoint security concepts; SOC audit support
- Active Directory, firewalls, routers preferred -- and capability to recommend automation options toward having a comprehensive security dashboard for senior management readouts.
- SIEM, managing firewall and other log files to extract key data and metrics, knowledge of AD and SSO.
- A Security Incident Event Monitoring (SIEM) tool for creating metrics and dashboards for senior management
- Design of public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Familiarity with/knowledge of:
- Endpoint security techniques and products.
- Security exposures (and mitigation options) at various layers of the OSI stack.
- B.S. in Computer Science, EE, Information Technology, or an equivalent combination of education, certification and experience in related computer/security field of work
- Active CISSP (Certified Information Systems Security Professional) preferred.