Overall Job Summary
This position is responsible for ensuring the secure development, deployment, and operation of information systems across the Enterprise.
Essential Duties and Responsibilities (Min 5%)
- Serve as an internal information security consultant to the organization.
- Provide direct training and oversight to all employees, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures.
- Ensure all regulatory requirements, such as PCI and SOX, are met.
- Create and implement information security policies, standards, and procedures for the organization.
- Initiate, facilitate, and promote activities to create information security awareness within the organization.
- Manage data loss prevention technologies and monitor compliance with information security policies and procedures, referring problems to the appropriate department manager.
- Monitor the internal control systems to ensure that appropriate access levels are maintained.
- Work with internal and external auditors to perform information security risk assessments.
- Develop key metrics to measure effectiveness of the information security program.
Required Qualifications
Experience: 2-5 years of combined systems and/or security administration experience.
Education: Bachelor’s degree from an accredited college or university in Computer Science or related field preferred. Any suitable combination of education and experience will be considered.
Professional Certifications: None required
Preferred Knowledge, Skills Or Abilities
- Systems administration background on any applicable platform such as Linux/UNIX, Windows and Cisco IOS is preferred.
- Good skills, with a high level of proficiency, in security frameworks such as ISO, NIST, and COBIT.
- Good understanding of regulatory requirements such as PCI DSS, Sarbanes-Oxley and HIPAA.
- Good knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices.
- Good technical knowledge of network, PC, and platform operating systems, including Cisco, Microsoft and Linux.
- Good knowledge of TCP/IP and network administration/protocols is preferred.
- Good ability to conduct research into security issues, standards, and products as required.
- Good ability to work on Information Security sponsored projects, which includes providing necessary documentation and establishing and meeting timelines.
- Good ability to promote Security awareness training.
- Good ability to create and/or maintain documentation including policies, procedures, security awareness tips, and compliance reports.
Working Conditions
- Normal office working conditions
Physical Requirements
- Lifting up to 10 pounds
- Sitting
- Standing (not walking)
- Walking
Disclaimer
This job description represents an overview of the responsibilities for the above-referenced position. It is not intended to represent a comprehensive list of responsibilities. A team member should perform all duties as assigned by his/her supervisor.