Job Requirements & Qualifications:
•Designs, put into practice, administers, and supports multiple information security platforms, systems, and applications. Supports a variety of technologies in a hands-on manner.
•Performs internal security risk assessments, security risk assessments of third party business partners, and detailed security risk assessments of various technologies. (Examples include directory services, database platforms, client and server operating systems, programming languages, web services, firewalls, remote access technologies, messaging platforms, encryption solutions, wireless technologies, internally-hosted applications, externally-hosted applications, and cloud services).
•Supports defined Company operating principles via effective, pragmatic information security controls. Analyzes, defines, implements, and administers efficient business processes related to information security programs. Represents the information security function through pragmatic consultation and participation in a defined SDLC.
•Maintains knowledge of current and up-and-coming security, compliance, and technical developments. Identifies present and prospective future vulnerabilities and collaborates with suitable leaders to identify, recommend, and develop risk remediation plans, ad to track remediation outcomes and timelines.
•Works with the information security management team to administer, maintain, and continuously improve HIPAA, PCI DSS, SOX, and internal controls compliance programs, investigate known or suspected security incidents, support internal and external audits, and assist in the development of appropriate audit response Management Action Plans.
•Promotes security best practices via awareness, example, and compliance with policies and regulatory requirements.
•Uses project management best practices to initiate, manage, and close projects, often simultaneously across a variety of projects. Creates and maintains a variety of documents related to projects and information security.
•Guide and cross-train junior department team members lead meetings construct and uphold strong partnerships with multiple departments coordinate vendor support engagements etc.
Knowledge, Skills, and Abilities
•Knowledgeable with and ability to apply time-proven, generally-accepted security management concepts, techniques, and methodologies.
•Strong understanding of pragmatic implementation of information security controls, holistic defense-in-depth strategies, protocols used to interconnect networks, and publish application resources.
•Strong, efficient written and verbal communication skills that enables effective communications to multiple audiences.
•Ability to occasionally work unscheduled shifts and in an on-call capacity and be available for occasional travel (up to 25%).
•Strong internal (security recommendations) and external (vendor support) negotiation skills.
•Ability to influence and encourage others.
•Strong understanding of PCI, HIPAA, and SOC regulatory requirements.
•Development/analysis proficiency in one or more scripting languages.
•Development/analysis proficiency in TSQL.
•Capability to learn and preserve new skills required to adapt to growing business and technical environments.
•Strong perceptive of present and emergent information security technologies and trends.
Work Experience and/or Education
•Bachelor’s and/or Master’s degree in information security or computer information systems.
•6+ years of information security generalist experience (broad and deep in data, application, system, and network security domains) with complex technical initiatives.
•Active CISA, CISSP, or CISM certification.
•Experience identifying and addressing security risks associated with host and network operating systems (e.g. Windows, Linux, AS400, PAN OS, AIX, Cisco IOS, etc.) enterprise services (e.g. directory services, email, web publishing, database, virtualization, etc.) content management, client-server, and collaboration, thin-client, and web-based applications enterprise applications (e.g. Lawson) cloud services (e.g. SaaS, IaaS, etc.) data storage, etc.
•Hands-on SME/lead experience with the design, implementation, and administration of at least 5 of the following technologies: Palo Alto Networks, IBM Tivoli Endpoint Manager (BigFix), IBM QRadar (SIEM), Qualys Vulnerability Scanning Solutions, Tenable Nessus, Juniper SSL VPN GlobalScape EFT Server Symantec Data Loss Prevention (Vontu), RSA SecurID, and CyberArk Password Management.
