Description
Job Description:
The Division Director for Information Security is looking for candidates with 5-10 years of administrative and compliance focused experience. Deep technical or management level experience will not be required.
The Security Administrator assists the Information Security Team by supporting the company's Security staff in their compliance and administration efforts. This position will be responsible for developing and maturing projects around policy revisions, security awareness, disaster recovery/business continuity and access review.
Minimum Experience:
- Bachelor's Degree in Information Systems, Technology or related field
- Minimum of five (5) years of progressively responsible, professional level compliance and administration experience in a large scale Information Technology environment
- Two years (2) of information security and compliance experience working on HIPAA, SOX, PCI DSS, or other compliance driven projects that contain information security requirements
- Two years (2) of experience working with NIST standards to manage risk and enhance security and compliance
- Experience managing a security awareness program
- Managing contracts and vendor relationships
- Managing multi-projects which require the ability to handle multiple tasks under tight deadlines
Roles and Responsibilities:
- Assist with security compliance program activities as specified by the Security Director to develop, maintain and enforce the company's policies, standards and procedures to ensure compliance with internal standards and regulatory requirements.
- Research best practices and create an Information Security awareness and training program
- Work with other departments and system owners to implement an Access Review program
- Research and identify software solutions to track risk and security governance initiatives
- Coordinate with management to develop and evaluate disaster recovery and business continuity planning exercises to validate the viability and effectiveness of business continuity plans and other recovery testing activities.
- Document disaster recovery testing scenarios and results; develop and maintain disaster recovery policy and procedures.
- Coordinate with internal and external auditors and ensure that compliance assessments (ie HIPPA, PCI DSS) are completed on a regular basis.
- Track security deficiencies identified through vulnerability scans and penetration tests, documentation of findings, monitoring follow through of the remediation, and validate closure to increase the maturity of the program and reduce overall risk.
- Provide project management, facilitation and analytical support for security-focused projects and initiatives