Daily management of operational information security in a 24×7 live production environment.
Assist in providing support for the design, deployment and use of security related reporting tools and management systems.
Assist with information security risk assessments and reports to identify, assess, measure, and monitor information security risks.
Liaise with internal employees throughout the organization (Engineering, HR, Management and Support) and external customers as necessary, on information security matters such as emerging security risks and control technologies.
Enforce and adapt information security policies, standards, procedures and guidelines, in partnership with the business.
Support the incident response, investigation and architecture review processes.
Assist, support and maintain the vulnerability management process.
Assist with handling the security questionnaire process.
Assist with infrastructure framework, perimeter and internal security improvement projects.
Independently or as part of a team, analyze business, technical and functional requirements and develop work tasks and complex project plans to meet project objectives.
Successfully lead small to midsize projects utilizing external resources and service providers.
Effectively communicate with business and IT leadership to ensure project success.
Define and implement processes and technical solutions to enhance automated monitoring and management.
Support the development and deployment of information security processes.
Participate in on-call and off-hours support activities which are typical for the role and industry.
Support the development, documentation and delivery of training and user guidance to ensure consistent and effective implementation of information security objectives.
Receive functional guidance directly from the Information Security Manager and supplemental guidance from other team members on general business objectives.
Will be self-directing and act as project leader on small to large projects; nurture effective working relationships; will coordinate with internal and external resources in performing the duties of this position.
Assist with ISO 27001 and NIST certifications – domestic and international.
Assist with Client Due Diligence as requested.
Essential Skills
Knowledge of information security industry standards and frameworks (e.g. PCI DSS, NIST, ISO 27001) desirable.
Knowledge of operational security areas preferred.
Deep understanding of process and information technology related controls.
Familiarity with industry standard tools and applications including Nessus, Palo Alto, Kaspersky, Varonis, etc.
Excellent oral and written communication skills.
Excellent analytical, research, and problem solving skills with a keen attention to detail.
Strong project management, communication and organizational skills.
Ability to work on multiple projects, with strong ability to adapt to dynamic work environment and to prioritize tasks accordingly.
Proficiency in Microsoft Office suite, including PowerPoint, Excel, Visio, Word.
Qualifications
Bachelor’s Degree in Business, Computer Science or equivalent experience, or equivalent Military background in relevant disciplines required.
Minimum of 2 years Information Security experience or equivalent experience in Information Risk Management.
CISSP, CISM, CRISC, CISA, or similar industry certification(s) preferred.
Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
Self-motivated, able to work independently and as part of a team.
Experience with technical and policy writing.
Strong experience with internet and network security products and platforms, including intrusion detection/prevention, incident response and investigation, vulnerability management, data loss prevention and penetration testing.
Experience in risk assessment methodology is required.
Experience with Change Management Processes.
Policy development and implementation experience.
Experience in policy and compliance auditing is preferred.