Responsible for the maturing of IT security programs to meet security requirements related to function, protection, assurance, risk management, and compliance. This individual will be responsible for documenting, testing and maturing a comprehensive information security program to protect all aspects of business and application assets across the organization.
Essential Job Functions
• Assist the ISO in documenting and testing the tactical plans for information security.
• Facilitate architecture, design, implementation, deployment, and operational discussions to ensure HIPAA and PCI compliant technology solutions.
• Validate current security standards against industry best practices and provide recommendations for improvements.
• Use vulnerability management tools to identify and prioritize risks across the enterprise.
• Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies.
• Document and validate business procedures against published policies.
• Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
• Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed.
• Research and assess new threats and security alerts and recommend remedial actions.
• Develop plans for security systems by evaluating network and security technologies and developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices.
• Interface with the Project Management teams to ensure security services are met in all phases of the SDLC.
• Validate business continuity and disaster recovery plans against SLA definitions.
• Support compliance and financial audit requests.
• Bachelor's degree in computer science, computer engineering, electrical engineering, systems analysis or a related field of study, or equivalent experience.
• 7 to 10 years of experience in IT, with a minimum of two years in security architecture.
• Experience conducting disaster recovery, business continuity and incident response exercises.
• In-depth experience implementing security solutions.
• Knowledgeable in the design and implementation of security architectures that enable well-integrated transactional, collaborative and analytical systems.
• In-depth knowledge of information security regulations such as FISMA (Federal Information Security Management Act), HIPAA, HITECH, PSQIA, Gramm-Leach-Bliley and SOX.
• In-depth knowledge of NIST and ISO 27001 standards.
• Familiar with top web application threats and remedies. Tenable Nessus experience a plus.
• Knowledge of code scanning tools and other defensive protection approaches.
• Experience with threat detection tools and techniques.
• Exceptional interpersonal skills, including teamwork, facilitation and negotiation.
• Must be able to work independently with minimal supervision.
• Experience with security, system and application log event analysis.
• Ability to rapidly comprehend the functions and capabilities of new technologies.
• MBA preferred
• Certifications: CISSP, CISA preferred
• CBCP or equivalent certification a plus
• Varonis DatAdvantage experience greatly desired.
• Must be able to adhere to confidentiality standards and professional boundaries at all times
• Attention to detail
• Time Management
• Ability to remain calm and professional in stressful situations
• Strong commitment to excellence
• Quick-thinking and astute decision making skills
• Effective problem-solving and conflict resolution
• Excellent organization and communication skills
• Must be able to speak, write, read and understand English
• Occasional lifting, carrying, pushing and pulling of 25 pounds
• Prolonged walking, sitting, standing, bending, kneeling, reaching, twisting
• Must be able to sit and climb stairs
• Must have visual and hearing acuity
• Must have strong sense of smell and touch
• Performs duties in an office environment during agency operating hours
• Must be able to function in a wide variety of environments which may involve exposure to allergens and other various conditions
• Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.