Administrator, IT Security

Company Description

As the global leader in health and wellness innovation since 1935, GNC motivates people to reach their goals with the most trusted and exciting selection of products in the industry.

As #TeamGNC, we work hard to ensure that our consumers come first. We are always cultivating and collaborating on new ideas to bring innovative solutions to the forefront and testing new solutions to translate goals into action. Our team members are advocates for change and innovation.

There is no greater gift than good health and no greater satisfaction than helping others to achieve it. Be a part of helping others to Live Well!

Job Description

The Information Security Administrator is responsible for a broad range of tasks, including the day-to-day administration of information security tools and devices, provisioning and de-provisioning, support for security information and event management (SIEM), audit participation and significant responsibilities for the security administration of a wide variety of applications across the enterprise. The Information Security Administrator interacts closely with IT Operations, Application Development, Compliance, and business departments.

JOB RESPONSIBILITIES:

• Perform user and access administration on designated systems and applications

• Perform system security administration on designated platforms:

• Operating Systems

• Applications and Network Security Devices

• Standards and Procedures with industry best practices and vendor guidelines

• Perform installation and configuration management of security systems and applications: Policy Assessment, Compliance Tools, Network Security Appliances and Host-Based Security Systems

• Perform threat and vulnerability assessments, in some cases followed by appropriate remedial action, to ensure that systems are protected from known and potential threats and are free from known vulnerabilities

• Apply patches where appropriate and, at the direction of Director of Information Security, remove and mitigate known control weaknesses, such as unnecessary services, applications, or redundant user accounts

• Locate and repair security problems and failures

• Collate security incident and event data to produce monthly reports

• Perform normal and exceptional processing of user access and change requests

• Report unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes

• Assist and train junior team members in the use of security tools, the preparation of security reports and the resolution of security issues

• Develop and maintain documentation for security systems and procedures

• Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations

• Provide guidance to junior members of the team

• Respond, resolve, or escalate reported security incidents

• Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity

• Interpret activity and make recommendations for resolution

• Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions

• Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained

• Administer and maintain end-user accounts, permissions and access rights for all systems

• Interact closely with the audit group and outside Assessors

• Manage the collection of observation responses, evidence and remediation plans

• Provide oversight and coordination of audit finding remediation including tracking progress and providing status and updates to the security and remediation project team

• Support e-discovery processes to include identification, collection, preservation and processing of relevant data

• Additional duties as assigned

SUPERVISORY RESPONSIBILITIES:

• This job has no supervisory responsibilities

Qualifications

• Bachelor's Degree in Information Systems or related field; or an equivalent combination of education and experience sufficient to successfully perform the key accountabilities of the job required

• 2+ years progressive IT, Network, or Application Security experience required

• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management

• Experience with common information security systems and tools, such as Security Information Event Management, Vulnerability Management, Intrusion Detection/Prevention, Web Content Filtering, Anti-Virus/Malware and Data Loss Prevention

• Understand PCI and SOX requirements as they related to user account provisioning

• Experienced with Active Directory and user account access management tools

• Maintain security integrity and confidentiality to information and access required to perform job duties

• Audit, compliance or governance experience preferred

• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously

• Ability to work well under minimal supervision

• High degree of proficiency MS Office Suite, Outlook & Internet applications

• Strong analytical, prioritizing, interpersonal, problem-solving, presentation, budgeting, project management (from conception to completion), & planning skills

• Strong verbal and written communication skills (including analysis, interpretation, & reasoning)

• Solid understanding and application of mathematical concepts

• Ability to develop and maintain collaborative relationships with peers and colleagues across the organization, as well as, internal and external clients

• Ability to work well autonomously and within a team in a fast-paced and deadline-oriented environment.

• Ability to work with and influence peers and senior management

• Self-motivated with critical attention to detail, deadlines and reporting

Additional Information

All your information will be kept confidential according to EEO guidelines.

GNC Holdings LLC is an Equal Opportunity Employer