The Information Security Officer will work closely with Systems, Networking, Software Development and other teams to ensure information security is at the forefront of the enterprise, while working closely with Compliance for activities relating to the availability, integrity and confidentiality of data and compliance with PCI, HIPAA, GDPR, NYDFS and SOC2.
Essential Duties and Responsibilities
Develop a comprehensive enterprise information security and risk management program
Manage team member performance; train and advocate for a team of security engineers
Provide guidance to the organization on the appropriate information security services, mechanisms and technologies
Monitor emerging security threats and news daily, assess the company's risk exposure to them, implement mitigating measures, and communicate this information to key stakeholders on a timely basis
Participate in risk assessments to ensure compliance with PCI, HIPAA, GDPR, NYDFS, SOX, ISO 27001 and SOC 2
Conduct regular reviews and provide exception/exposure reporting and remediation plans to leadership
Develop security-related training programs, awareness campaigns, metrics and skills for the organization
Implement enterprise-wide security controls to ensure the confidentiality of data across multiple geographically separated data centers and endpoints
Manage and mature security appliances and software including Data Loss Prevention (DLP), anomaly detection appliances, intrusion detection systems, file integrity monitoring software, 24/7 managed SOC, advanced endpoint protection, vulnerability scanners, source code review, vendor security assessments and internal security
Respond to security questionnaires, manage security audits and on-site assessments, and provide the roadmap to fix the gaps.
Extensive knowledge of security controls and technologies including SIEM, DLP, WAF, IPS and firewall
Exposure to Antivirus products, malware detection and curing
Develop, deliver and monitor the hardening standard for servers and environments. Review the hardening standard on a periodic basis and update it to meet security requirements.
Lead the corporate SIEM and WAF team and develop effective incident detection rules and proactive monitoring
Lead evaluations and implement new technologies related to information security
Familiarity with VTA, AppScan, OWASP standards and penetration testing, and ability to guide the team in remediating the findings.
Serve as senior information security leader in the organization
Coordinate with operational groups and business units to identify and implement measures to prevent or detect security incidents or breaches.
Ability to communicate and collaborate cross-functionally, with various levels above and below, internally and externally, and to technical and non-technical audiences
Solid understanding of TCP/IP, Windows and Linux servers, along with an ability to implement and configure security applications and hardware
Strong technology background in access control, IDS/IPS, vulnerabilities, WAF, DLP, email and protections
Proven ability to lead and apply information security, risk management and privacy practices
Demonstrated ability to manage in a way that results in highly-engaged teams
Demonstrated understanding of PCI-DSS, SSAE-16, SOC reporting framework, HIPAA, GDPR, NYDFS regulations, along with various state, federal and other international requirements
Proven abilities in incident management and response
Ability to lead and manage technical security-related projects