This position manages the IT-related risk mitigation projects and programs for the
company and clients. The main areas of responsibility include information technology
security, regulatory compliance, and business continuity.
-Develops and implements IT security policies, standards, procedures, guidelines,
employee training, and awareness.
-Reviews the development, testing, and implementation of security plans, products,
and control techniques.
-Investigates and recommends appropriate corrective actions for data security incidents.
-Provides security consulting/project management services on highly complex information
security projects and issues.
-Identifies security risks to the organization and ensures that appropriate data security
procedures and products are implemented.
-Maintains an awareness of industry security policies and government regulations
pertaining to information security.
-Identifies regulatory changes that will affect information security policy, standards,
and procedures and recommends appropriate changes.
-Gathers and reviews data from diverse system environments including development,
testing and production systems. Identifies and assesses the risks presented by the data
gathered and documents that assessment in a security plan.
-Provides the lines of business with recommendations for mitigating identified risks based on
accepted policies and practices.
-Champions the use of sound information security principles across the entire organization.
-Ensures the company is in compliance with all applicable industry regulations.
-Monitors compliance with defined internal control policies and procedures in relation to
applicable regulatory and industry requirements to which the business must conform.
-Performs internal and client audits, reviews, and assessments.
-Retains all documentation around policies, procedures, audits, and assessments.
•Business Continuity/Disaster Recovery:
-Develops, implements, and maintains the company’s comprehensive Business Continuity
and Disaster Recovery programs.
-Provides guidance and coordinates efforts of IT staff members in the development and
maintenance of disaster recovery procedures and plans for key areas of the organization.
-Reviews changes in the Disaster Recovery (DR) strategy, and in physical or personnel
resources to assure the effectiveness of the disaster recovery procedures.
-Assures documentation required for disaster recovery is properly maintained in the
Disaster Recovery Planning (DRP) software and in hard copies at designated recovery locations.
-Develops and conducts effective training programs for employees and clients.
-Facilitates the communication of issues within the areas of responsibility.
-Keeps informed on best practices, industry changes, and new security threats.
-Represents the company and is active within local, national, and global industry user
groups and communities of interest.
•Must have the skills and abilities to effectively perform the essential duties and
responsibilities laid out within this document.
•Ability to use business acumen to effectively balance the competing demands of risk
mitigation, cost, and business requirements.
•Minimum Education: BS in computer science or related field.
•Minimum Experience: 4 years in IT / 2 years in IT Security.
•Preferred Experience: 7+ years in IT / 4+ years in IT Security.
•Preferred Certifications: CISSP, CISA, SANS.
•Experience working with IP networking, networking protocols and understanding
of security-related technologies including encryption, PKI, VPNs, firewalls, proxy
services, DNS, electronic mail and access-lists.
•Experience working with Internet, web, application and network security techniques.
•Experience working with relevant operating system security (Windows, Linux, etc.)
•Experience working with leading firewall, network scanning and intrusion detection
products and authentication technologies.
•Experience with PCI-DSS and PA-DSS preferred.
To apply for this job, email your details to firstname.lastname@example.org