Under general supervision and with independent judgment defines, delivers, monitors and reports on risk management, compliance and information security programs as it relates to corporate IT Security.
Essential Duties and Responsibilities:
Related to network and mainframe based information security, systems, applications and infrastructure; its policies, procedures and compliance of same.
1.Provide information security analysis across a broad range of platforms and technologies. Respond to identified security breaches or weakness in a timely manner.
a. Research, document, and track security incidents (internal/external), utilizing incident tracking software. Make recommendation for appropriate action(s) for remediation and develop additional controls as deemed necessary.
b. Assists IT management in formulating responses to security incidents or exposures.
c. Monitor intrusion detection systems / services; recommend appropriate action(s) to mitigate risk to corporate resources.
d. Aggregate, monitor, and analyze system and network logs
2.Perform routine security assessments, penetration tests, and policy compliance reviews. Develop and maintain appropriate procedures, documentation, and recommendation for remediation of identified weaknesses.
a. Develop and perform periodic security assessments of various systems, infrastructure, and connectivity; provide reports to be used for decision-making by IT management.
b. Design, perform, and/or oversee penetration testing of assigned systems to identify potential security vulnerabilities.
c. Evaluate and recommend changes to IT infrastructure change management process to ensure controls are appropriate
d. Ensure that security infrastructure / system hardware and software inventory are updated quarterly; provide reports for management review / audit.
e. Conduct user activity security audits when requested by management.
f. Provide security recommendations or assessments as requested to various IT projects, implementations, or concept development.
3.Research, recommend, develop, implement, maintain, and audit security policies and procedures to improve and maintain a high degree of focus on information security for the company's IT assets in accordance to industry best practices and in support of company business objectives.
a. Develop and maintain IT Security Policies and Procedures.
b. Educate and inform employees specific to IT security policies & procedures as well as knowledge of latest security threats and vulnerabilities as it applies to the company.
c. Review and recommend systems / tools to maintain or improve security assessment and reporting capabilities.
d. Evaluate, assign and maintain an inventory of system risk assessments, indicating level of risk, potential exposure, and recommendations for improvement.
e. Maintain a thorough understanding of standards and compliance regulations that may directly impact the company.
4.May provide leadership to junior staff through guidance and training.
5.Perform other duties as assigned.