Our Senior Information Security Analyst provides team and project leadership, provides subject matter expertise for a broad range of Information Security disciplines and are both generalists and specialists; performs programming, support and maintenance for complex security systems, software programs and hardware devices which are used to provide security for Navient systems and applications; guides junior staff working under your supervision. Responsibilities also include researching, testing, developing and implementing new technical security solutions, interface programs, customized utilities and hardware devices in support of the corporate information security mission; develops security project plans, leads project teams and participate on large scale enterprise projects in order to design, modify and implement technical, procedural and administrative security solutions to help ensure the protection of Navient information systems and resources.
The successful candidate will have:
- Well developed understanding of Information Security concepts, principals and industry "Best Practices"
- Well developed interpersonal communication and writing skills
- Experience writing policies, procedures, guidelines and technical documentation
- Project management experience and the ability to lead project teams
- Technical expertise in at least three of the following areas:
- Mainframe Security (MVS, TSO, RACF, IDMS, CICS, DB2)
- NetworkSecurity (firewalls, IDS, routers, crypto, PKI, VPN, anti-virus software, Internet services)
- System Security (Microsoft NT/2000/AD, Netware/NDS, LDAP, Unix, workstation platforms, mail servers)
- DatabaseSecurity (Microsoft SQL Server, Oracle, Sybase, DB2)
- Internet Security (Microsoft IIS, Apache, web services and applications, CGI, Java, SSL, XML, Soap)
Information Security Technical Support
- Provide direct support and supervise junior staff who support, administer and maintain the security systems, hardware devices, control facilities, applications, servers, etc. to ensure availability and optimum performance.
- Work closely with senior staff members from Applications Development, Infrastructure, Network Services, Business Solutions and Operations to develop interfaces, utility programs, special reports or other tools.
- Research, test, develop and implement technical security solutions to support critical security systems, applications and control facilities. Help to evolve and refine the securityinfrastructure so that it continues to meet the changing needs of the corporation by incorporating new technologies and solutions.
- Develop and maintain detailed technical support documentation and procedures regarding the securityinfrastructure, systems and processes used to protect corporate resources.
- Provide ownership and direction for assigned technologies or areas of responsibility.
SecurityArchitecture and Strategic Planning
- Analyze the existing securityinfrastructure, software controls and transactional processes utilized throughout the organization to find identify weaknesses and areas of improvement. Provide detailed recommendations as appropriate.
- Develop and define the appropriate architecture and technical requirements necessary to address information security needs for the organization.
- Develop and define technical security requirements necessary for new products, services and technologies.
- Conducts research, monitors new product developments and makes recommendations regarding technologies which may benefit Information Security.
Information Security Project Management
- Develop detailed project plans in support of assigned projects. Commit to and meet deadlines in both quality and time.
- Provide project team leadership for security initiatives and work as part of a project team with other IT areas to ensure the necessary security tools, technologies and solutions are in place to meet the Information Security mission.
- Develop detailed system security documentation, process flows and administration manuals for computer security systems, servers, applications and utilities.
Security Assessments, Risk Evaluations and Compliance Support
- Develop, oversee and complete security product and vendor assessments and evaluations, make recommendations and coordinate product implementations.
- Develop security acceptance test plans and conduct security acceptance testing.
- Conduct audits, risk assessments and reviews of third party service providers, subsidiaries and partners who wish to connect to the corporate network.
- Assess and quickly resolve technical security problems related to areas of assigned responsibility while understanding the risk and exposure to the business.
- Provides technical direction, consultation and training for information security staff and emergency after hours support as required in support of the business.
- Be part of a team that provides after hour and weekend support on a rotational basis in order to respond to priority issues that occur outside of the normal business day.
- Assist in developing training and security awareness programs.
- Provide support for internal and external audit reviews and examinations.
- Conduct liaison with external security groups and information security professionals of other local businesses, industry groups and other organizations.
- Provide support for Navient sponsored initiatives, such as ElmNet and Meteor, help develop standards and participate on committees in order to improve security.
- Bachelor's degree or equivalent years of experience is required. High School diploma, GED or equivalent is required.
- Mininum of 8 years progressive experience working in Information Technology, with a minimum of 6years of Information Securityexperience.
- Must be familiar with security software products and audit tools used in both a mainframe or distributed computing environment.
- Knowledge of IBM MVS, RACF, TSO/ISPF/JCL, Novell Netware/NDS, Microsoft Windows NT/Active Directory, LDAP, Internet security and networksecuritytechnologies (TCP/IP, firewalls, IDS, Anti-Virus products, etc.) and third party security or audit tools is required
- Understanding how to implement application level security controls and mechanisms.
- Must have some familiarity with SDLC as it applies to Information Security, understand information security concepts, protocols, "industry best practices" and strategies.
- Must have 4 or more years experience working with business units or non-IT departments helping to develop or implement security strategies and solutions.
- The ability to obtain government clearance is required.
Job ID 4678860