Reviews existing and proposed systems and applications to ensure that they are aligned with their objectives while creating minimal or acceptable risk to information systems, data or documents.
Actively contributes to the development and maintenance of the overall Information Risk Management architecture and program.
Additional Responsibilities include:
Participates on the Information Risk Management Task Group, develops status reports and presentation materials for business management.
Advises business management in all aspects of Information and Systems security, risk management, and information policy and practices.
Acts as the technical resource, advisor and mentor to the Information Systems department staff about the risk and control measures associated with information systems technologies.
Leads the computer incident response team that responds to various security incidents such as denial of service attacks, virus infestation, and/or internal fraud.
Performs Internal/Vendor Security Assessment, Risk Analysis, & Remediation Solutions for Information Technology in a business environment as needed; reports, recommends and implements remediation programs as assigned.
Evaluates and recommends new security technologies, processes and methodologies.
Maintains project management responsibilities for assigned Security and/or technical Projects.
Participates in related Application or Technical infrastructure projects
Develops detailed proposals, requirements and plans for new information security systems that would augment the capabilities of, or enable new capabilities for company networks or shared information.
Develops and produces monthly security related metrics.
Maintains Intrusion Detection systems and all other security related devices, systems and technologies
Monitors and oversees patch-management processes, works with internal/external audit groups on any related security activities
Assists with troubleshooting problems when they occur in production
Actively participates in IS infrastructure processes including change management, disaster recovery, problem management, etc.
Provides 2nd and 3rd level technical support for problem resolution.
Qualifications:
Bachelor’s degree in MIS, CS or related field and/or equivalent experience, minimum five (5) years IT/Information Security experience. Security Related Certifications preferred (CISSP and/or CISA and/or CISM). Knowledge of generally accepted security practices such as ISO 17799.
Demonstrated ability to work collaboratively with IT and Business unit management; ability to relate business requirements and risk to technology implementation; ability to organize and prioritize work to balance cost and risk factors and bring adequate data security measures to the information technology environment.
Excellent understanding of security / privacy legislation. Experience with systems and network security, network protocols, eCommerce and Internet. Experience with implementing and auditing security measures, working knowledge of security products and utilities
Demonstrated planning, managing small to medium size enterprise-wide projects, organization, coaching and mentoring skills. Effective verbal, written and interpersonal skills.
Availability and accessibility on a virtually 24 x 7 basis, requiring occasion travel to affiliated companies, offices and subsidiaries ( by air & ground transportation), and the ability to lead emergency response activities.