Description
· Collaborate in defining and implementing strategic security goals by identifying optimal approaches and determining the necessary tools, technologies, tasks, processes, and metrics for execution.
· Facilitate the implementation of operational processes and maintain continuous supervision to ensure their effectiveness.
· Recognize, gather, analyze, and respond to relevant operational metrics to enhance overall performance.
· Lead the implementation of strategies and goals in alignment with established metrics, working collaboratively with security personnel, system administrators, stakeholders, and end-users as necessary.
· Perform ongoing oversight of a range of security programs, such as privilege management, hardening and configuration management, vulnerability management, and attack-surface minimization.
· Collaborate internally to expand our ongoing security awareness program that enhances our knowledge and understanding of threats and appropriate security protocols.
Requirements
Qualifications:
· Candidate must have at least 4 years of practical experience in Information Security, with relevant technology and infrastructure experience.
· Bachelor’s degree
· Need to have, or be willing to obtain, PCI Internal Security Assessor (ISA) certification
· CISSP (preferred)
· CompTIA Security+ Certification (preferred, or equivalent certifications)
Additional Desirable Skills:
· Broad familiarity with a wide variety of security measures, and experience in implementing Defense in Depth solutions that combine technology-centric measures with administrative and other controls.
· Familiarity with the Microsoft security ecosystem.
· Familiarity with Microsoft Azure and related security issues/opportunities
· Familiarity with Secure SDLC issues and best practices (desired)
· Experience in balancing security objectives with ROI considerations
· Ability to understand in-house developed systems and identify risks