Information Security Officer - 3 months contract

Description

The Information Security Officer ensures the security of electronic company information. Designs and implements security policies to control access to systems. Assesses the impact on the business caused by theft, destruction, alteration, or denial of access to information. Develop and promote risk managed, consistent controls and processes for IT Risk Management, Security, Privacy, and Compliance as priorities and initiatives dictate.

Key Responsibilities:

• Provide gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the BU.
• Assist BU in establishing, documenting, and managing processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (eg ISO 27001, SOX, etc.).
• Work with business and IT owners to establish priorities for process improvements to remediate or mitigate risk.
• Execute problem determination and resolution for security gaps.
• Assist Business Unit and Corporate functions in the event of incidents or breaches.
• Train and assist security administration functions when necessary.
• Interact with other IT Staff/Business Leads in meetings to enhance the understanding security issues and discuss solutions.
• Help with IT asset security control coverage and metrics reporting regarding security and compliance data using RSA Archer Governance Risk & Compliance (GRC) and other tools as appropriate.
• Assist with threat & vulnerability management process and tools.
• Prepare automated and ad hoc reports and/or interpret data from various security sources (eg McAfee ePO, RSA enVision Security & Information Event Management (SIEM), Tenable Nessus vulnerability and configuration scanner, WebInspect, data loss prevention (DLP), etc.).
• Assist with application meta-data inventory, mapping, and development of data flow process documentation.
• Facilitate and execute response to Request for Proposals (RFP), Customer Questionnaires, Audits, and Remediation Plans.
• Assist in monitoring critical vendors.
• Support training and awareness efforts in the BUs.
• Monitor and provide support for business unit implementation of security technology initiatives and remediation measures.
• Assess and consult on data protection methods (eg access controls, encryption, vulnerability management, etc.).
• Develop and maintain disaster recovery documentation and ensure associated processes meet business requirements.