This role will assist in the development of Information Security technology and procedures including Security Operations. The role will primarily work with IT as an Information Security technical resource. Occasionally, this role will work with other areas of the business to encourage their participation in sound security practices, risk management, and compliance.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.
- Assist in the configuration, development, and maintenance of information security systems which include, but are not limited to DLP, SIEM, Firewall, Proxies, and Malware protection solutions.
- Analyze, troubleshoot, and investigate security-related, information systems’ anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.
- Assist in performing technical audit remediation.
- Assist in security governance of internal/external programming efforts.
- Assist in the development of IT security architecture, controls, processes, standards, policies and procedures that are aligned with the enterprise policies.
- Advocate for compliance with security policies and associated, legal, and contractual requirements.
- Ensure compliance and information security related concerns are supported throughout the enterprise.
- Assist in measuring and reporting Information Security metrics.
- Ensure readiness for internal/external audits related to IT security and manage external information security partners.
- Stay current with Cyber Security industry, trends and risks.
- Lead small to medium projects and initiatives that support information security practices and policies.
- Test information security administrative, technical, and physical controls and report findings.
- Partake in off-hours support rotation.
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES
- Strong understanding of enterprise, network, system and application level security issues.
- Understanding of enterprise computing environments (including Cloud), distributed applications, and a strong understanding of TCP/IP networks.
- Understanding of system hardening processes, tools, guidelines, and best practices.
- Fundamental or greater understanding of encryption technologies.
- Excellent verbal and written communication skills.
- Ability to manage small to medium information security projects (or initiatives) while maintaining high levels of quality and effectiveness.
- Comfortable with working through ambiguity to clarify requirements and develop effective solutions.
- Strong understanding of common technical, data, and security principles.
PREFERRED KNOWLEDGE, SKILLS AND ABILITIES
- Understanding of Cyber Security and ISO27K practices and principles.
- Certifications: CISSP, CCSP, SSCP, CSSLP, CEH, GSEC, or equivalent.
- Ability to work well with others, objective, creative, diplomatic, and exudes excellent communications skills.
- Team player
- Displays passion, positive attitude and professionalism
- An effective listener that focuses on collaboration
- Comfortable managing healthy conflict
- Can build a strong relationship with agents and/or customers
- Attentive to details
- Demonstrates a high level of curiosity and innovative thinking
- Asks questions and communicates clearly to all levels of the organization within the business and IT
- Contributes to exceptional customer experience
- Initiative to take action without being prompted
- Sound decision making
- Organized, understands prioritization and meets deadlines
- Financial and business acumen
- Ability to remain flexible
- Actively seeking professional development
EDUCATION AND/OR EXPERIENCE
- Bachelor’s degree from a four-year college or university and two years of related experience
- Foundational knowledge of other infrastructure systems/services (Wintel servers, network switching, SAN, VMware, Citrix, DNS/DHCP)
- Appropriate combination of education and experience may be acceptable
- Demonstrates proficiency in Microsoft Office productivity tools (Word, Excel, PowerPoint, etc.)