Planning and Processes:
Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives. Keep abreast of current global security risks.
Conduct research and provide insight to identify, assess, and deploy security technology solutions and partners including but not limited to encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
Engage in regular assessment of the current IT security environment to identify cybersecurity gaps in systems, processes and controls and evaluate the potential risk exposure. Work with IT management to develop opportunities for improvement.
Leads or has primary responsibility for the development, implementation, and monitoring of IT security policies, standards, procedures and guidelines.
Monitor and proactively recommend solutions for correcting issues related to security technology performance and capabilities of vendors.
Collaborate on critical technology projects to ensure that security issues are addressed throughout the project life cycle.
Develop and implement recommendations for security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion, detection, and gateway security controls.
Work in an advisory role in application development or acquisition projects to assess security requirements and implement controls as planned.
Investigate, analyze, coordinate and report on and resolve all security events, incidents and intrusions; track incidents through analysis, diagnosis, correction and resolution.
Ensure that network devices and PCs are maintained via upgrades, patches, and updates with appropriate security controls.
Maintain, manage and monitor compliance with security control frameworks such as the NIST Cybersecurity Framework (NIST CSF) and Payment Card Industry (PCI DSS).
Serve as a technical subject matter resource providing expertise in the security domain and provide technical direction to lead appropriate work on security related projects.
Ensures the integrity of data and systems, security of confidential information, and protection of physical property.
Lead, facilitate, analyze, execute, govern and represent plans or identified approaches for contracted security assessments, driving remediation through partnering with internal and external business and IT.
Perform day-to-day security log review and analysis in adherence with company requirements and industry security best practices. The log reviews include: operating systems, databases, applications, networks and security applications.
Work with auditors to demonstrate processes and ensure appropriate levels of access are applied throughout the information lifecycle.
Lead the design, development, and delivery of security training programs and individual classes.
24x7 on-call availability as required.
Knowledge, Skills and Abilities:
Knowledge of trends and developments in technology relating to security and risk management.
Strong understanding of information security controls, risks and threats.
Strong knowledge of enterprise security technologies, e.g., Virtual Private Network (VPN), Encryption, Firewalls, Intrusion Detection/Prevention, and Anti-Virus. Experience with Fortinet preferred.
Working knowledge of Microsoft Windows Server and Windows 10 environments, VMWare Server, Oracle OVM, Microsoft IIS and other enterprise-wide applications.
Knowledge of information security standards, data privacy laws, computer crime laws, and federal data protection laws, etc.
Knowledge of information security audit and assessment methodologies, policies, standards, procedures and best practices.
Ability to conduct risk management assessments; provide assistance in identification, prioritization and remediation of information systems vulnerabilities.
Strong technical depth and passion for security.
Ability to understand the companys general business functions, and have a conceptual understanding of each divisions/departments activities.
Experience working with 3rd party vendors and service providers.
Excellent listening, verbal and written communication skills. Ability to convey technology concepts in a way that is easy for non-technical people to understand.
Strong learning, problem-solving and analytical skills.
Consistently demonstrates a high level of integrity and professionalism.
Ability to manage multiple priorities and meet deadlines.
Bachelors degree in Information Technology, CyberSecurity or related field.
4 years of experience in an IT Security role.
Equivalent combination of education and experience will be considered.
Security specific industry certification; preference for CISSP or GIAC (any certification).
Prior experience with a Business or Financial Services firm is preferred.
CISSP NIST Cybersecurity
Digital Intelligence Systems, LLC