Description
Summary of position:
Transforms and maintains organization's enterprise infrastructure, information assets and security practices by assessing, executing and supporting strategic plans using standard project management techniques and proactive planning and management and monitoring of networks, systems and applications. Establishes and administers the overall strategies and procedures for the information security function. Develops and implements information security in accordance with organizational information security standards. Evaluates information risk on a regular time schedule and promotes information security awareness within the organization. Ensures that adequate and effective security processes and controls are followed and aligned to deliver compliance with security policy and regulatory requirements. Serve as a key point of contact and technical expert supporting the security program, establishing appropriate assessments, managing and tracking risk mitigation and remediation activities, and communicating security program results to Senior Management.
Duties & Responsibilities:
- Monitor and evolve Information security processes and controls and perform and/or oversee periodic risk assessments to identify current and future internal and external security vulnerabilities
- Ensure adequate and effective security controls are in place to meet current and future security compliance and regulatory requirements
- Work effectively in partnership with the Enterprise Information Technology Team to ensure the timely review and deployment of secure infrastructural solutions.
- Identify information security weaknesses and/or gaps in the current operations and work with other teams to bring information security operations up to standards
- Participate in the design and planning functions of IT projects to ensure security is considered early and often by stakeholders
- Provide hands-on technical expertise as needed
- Establish and deliver meaningful and actionable security metrics and reports as prescribed by the CIO and company's Internal Audit Function
- Identify/recommend tools, processes, software, and hardware to improve or replace current security infrastructure practices, services, or technologies to meet future requirements
- Manage and lead remediation efforts related to information security (eg, from incidents, penetration tests, vulnerability scans, internal/external audits and assessments)
- Understand business activities performed by company and suggest appropriate information security solutions that adequately protect these activities
- Promote security awareness across the enterprise via effective security education, training, and awareness programs
- Define security requirements and audit systems to determine if they have been designed and established to comply with established standards
Qualifications:
- In-depth knowledge of current security trends, threats and best practices
- Extensive experience with Firewall administration, web application security, penetration testing, intrusion detection systems, data encryption and other industry-standard techniques and practices
- Experience with implementing, monitoring and maintaining security tools such as IDS/IPS, SEIM, malware protection, email security, data loss prevention, etc.
- Solid understanding of information security principles, attack vectors and techniques
- Bachelors degree in Information Technology, Computer Science or related discipline (or an equivalent of education and experience)
- Certificates relevant to Information Security are preferred (eg, Security +, CISSP, GSEC)
- Knowledge of applicable practices and laws relating to data privacy and protection
- Ability to build and maintain strong relationships across the enterprise
- Ability to maintain confidentiality
- Ability to communicate technical concepts to non-technical audiences
- Strong organization, planning and prioritization skills
- Strong written and verbal communications skills
- Ability to effectively prioritize and execute tasks in a high-pressure environment
- Proficiency using MS Project, Office, PowerPoint, Excel