Assists in the development, maintenance, and implementation of information security and control policies, procedures, and standards. Participates in new system development and implementations to ensure that development efforts follow appropriate guidelines and controls are adequately incorporated into the systems. Conducts periodic risk assessments of systems, applications and networks to identify control weaknesses and ensure the effectiveness of internal controls in reducing information systems control. Involved in a wide range of security issues including architectures, incident response, and business continuity.
1. Provides security capability, vulnerability, and risk assessments of the information systems.
2. Provides and maintains technical expertise on security aspects of systems, applications, and networks; and assists in assuring that specific information security plans/goals are consistent with organizational plans/goals.
3. Provides metrics and indicators for information security and assurance.
4. Provides and develops awareness and training of information security.
5. Provides guidance and suggested practices to enable continued availability of reliable and critical information.
6. Coordinates security objectives with incident response and continuity teams.
7. Works with auditors regarding their role in information security policies, procedures and audit compliance.
8. Assists in the documentation of system security plans and reporting for executive management.
9. Use and maintain risk management, vulnerability assessment, and tracking systems.
Requires a Bachelor’s degree (or equivalent work experience) or 4 years experience in a similar role.
1+ yrs experience with IDS/IPS event monitoring required.
1+ yrs experience with incident and threat management required.
1+ yrs experience creating policy/procedural documentation required.
1+ yrs experience with IDS/IPS rule writing preferred.
Analytical ability necessary to identify and make recommendations concerning security vulnerabilities; complete and implement project plans; and resolve security issues.
Strong knowledge of multiple areas within the information technology discipline. One or more advanced certifications in information security.