Responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; and supporting and communicating security-related information and content company-wide.
- Monitors and advises on information security issues related to the systems and workflow at our client to ensure the internal security controls are appropriate and operating as intended.
- Supports the development and publication of Information Security policies, procedures, standards, and guidelines based on knowledge of best practices and compliance requirements.
- Conducts company-wide assessment and security audits and manages remediation plans.
- Collaborates with IT management, Legal, Safety and Security, and law enforcement agencies to manage security vulnerabilities.
- Creates, manages and maintains user security awareness.
- Conducts security research to keep abreast of the latest security issues.
- Performs other related duties as assigned.
Knowledge, Skills and Abilities:
- Understanding of Security policy and applicable regulatory laws.
- Knowledge of information security standards, rules and regulations related to information security and data confidentiality (e.g., HIPAA) and desktop, server, application, database, and network security principles for risk identification and analysis.
- Strong analytical and problem-solving skills.
- Excellent communication (oral, written, presentation), interpersonal and consultative skills.
- Strong PC skills (Microsoft Office, Word, Excel, PowerPoint, etc.).
- Travel 25%.
Required Experience and Education:
- BS or higher in Computer Science, Management Information Systems, or related field.
- 5+ years of experience in IT Governance, or related fields.
- 2+ years of progressive experience in computing and information security, including experience with Internet technology and security.
- Experience in the Archer eGRC Enterprise Solution or related Governance support software.
- Experience in security policy development, security education, application vulnerability assessments, risk analysis and compliance testing.
- CISSP, CGEIT, or other related certifications desired.