In this role you would be responsible for supporting information security operations including detecting and mitigating information systems security issues, investigating security breaches and other cyber security incidents, and developing company-wide best practices for IT security. The position requires in-depth knowledge of information security concepts and will require proactive research of information technology trends and security standards. High level communication skills are essential to successfully translate requirements to business stakeholders.
- Perform security gap assessments, research security enhancements and trends, and make recommendations to Technology management.
- Design, implement, and operate security measures which protect information systems and infrastructure including such things as firewalls, antivirus, intrusion detection systems, and data encryption.
- Work with the Technology team to perform tests and detect system weaknesses. Create and implement a plan of action to mitigate risk and maintain a high security standard.
- Support new and recurring business security operations, such as associate account management activities, software installations, system troubleshooting, and incident response.
- Implement measures which enhance company-wide security education and awareness.
- Facilitate third-party risk assessments by identifying supply-chain risks and creating recommendations for risk reduction.
- Support internal audit activities by serving as a subject matter expert between auditors and the business. Create and implement a plan of action to mitigate risks.
- Create, track, and report metrics relevant to projects and recurring processes.
- Bachelor's degree in computer science or related field required.
- CISSP, CISA, or equivalent industry certification strongly preferred.
- 5 or more years of experience in IT, networking, hosting, and data in a multi operating system environment.
- 5 or more years of experience with information security including vulnerability management, user awareness, email firewall security, identity/access management, endpoint protection, firewall/IDPS security, auditing and risk assessment, incident response, data loss prevention, and policy development.
- Experience programming/scripting with PowerShell, Bash, or similar is a plus.
- Able to identify and mitigate information system vulnerabilities and explain how to avoid them.
- Able to effectively communicate requirements, technical or otherwise, to business stakeholders and third-party suppliers/services.
- Able to participate in continuous research and training in order to stay up to date on the latest threats, technologies, and business requirements.
- Able to remain accessible beyond regular business hours.