The Cyber Security Role is responsible for 3D Systems Information Security application systems and the protection of 3D Data and Systems. The individual will own responsibility for one or more information security platforms such as Cyber Defense, Governance and Risk, Compliance, or Disaster Recovery. The individual will be part of the Incident Response Team, will own the on-call schedule and assignments of security engineers, analysts, and interns, and will be subject to on-call and after-hours duties on a rotating basis with others on the team. Influences and guides 3D Systems personnel on emerging information security threats and technologies and ways to mitigate those threats. Will own security solutions that meet the needs of the business as well as the overall security program based on risk.
Security Direction and Vision
Influence and set tactical security vision and direction, collaborate on development strategies and goals.
Design, develop and implement documents and procedures that support and enforce security standards, policies, training and procedures to raise the security posture while lowering the risk.
Define and understand the current environment and the ability to detect critical security vulnerabilities and risks, then provide management with feedback on timely remediation of security issues or incidents.
Update and otherwise maintain existing security solutions (firewalls, IPS, anti-malware, anti-virus, web filtering, log collection, 2-factor authentication, anomaly detection, network access control, etc.).
Ensure compliance with all external regulatory compliance programs corporate-wide.
Design and implement IT security documentation standards for IT engineers and analysts to follow.
Assist with tier two/three responses to trouble tickets.
Provide security education to system administrators, application owners and end users.
Ensure security policies and procedures are followed.
Maintain relevant security knowledge by attending security events and conferences.
Review and validate penetration test findings.
Validate implementation of recommended security configuration changes identified by penetration test findings.
Advice and Guidance
Establish guidelines for security personnel to follow when interacting with business partners.
Provide feedback and guidance to IT staff as needed.
Effectively communicate security risks to 3D Associates, Stakeholders, and Management.
Knowledge, Experience and Qualifications
Bachelor's degree in Computer Science or related field, or equivalent combination of industry related professional experience and education.
Master's degree in information security or related field.
Experience with NIST, SOX, HIPAA or other information security related frameworks or regulations.
Experience in information security for a manufacturing environment for an international company highly desirable.
Experience owning and managing security tools and applications in a corporate environment.
Ability to convey technical information concisely and clearly, verbally and in writing, to all groups and individuals, including those with limited technical expertise.
CISSP, CISM, CCSP or other information security related certification(s).
A minimum of 5 years' experience working in IT Security.
Subject Matter Expert in one or more of the following information security areas:
Governance Risk and Compliance
Information Security Tools such as SIEM, IDS/IPS, DLP, IDM, E-commerce
Threat and Vulnerability Metrics
IT Security training