SiteMinder Info Security Advisor / Sr Advisor / Exec Advisor
5 - 7 years experience • Managed Care & Health Insurance
The Info Security Advisor/Sr Advisor/Exec Advisor maintains/develops/leads the development of enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls.
Responsible for the selection and delivery of strategic networksecurity, access control and secure transaction/messaging solutions.
Ensures security solutions involving the use of technologies are well-conceived, designed and implemented in compliance with enterprise standards.
Develops strategic and tactical plans for a comprehensive enterprise-wide information security program.
Primary duties may include, but are not limited to:
Info Security Advisor:
- Provides first level engineering design functions and trouble resolution; provides trouble resolution and serves as point of technical escalation on complex problems; leads or plans implementations for access management and networksecuritytechnologies; develops testing plans to ensure quality of implementation; leads the investigation and reporting of data securityevents and incidents; provides system and networkarchitecture support for information and networksecuritytechnologies; provides technical support to business and technologyassociates in risk assessments and implementation of appropriate information security procedures, standards and technologies; maintains security incident response plans; represents major upgrades and business system replacements in change control; oversees Enterprise mix of vendor services; recommends changes and updates to strategy; may act a key contact for setting vendor strategy; designs & engineers repetitive technical solutions based on business requirements and defined technology standards; develops support procedures and performance metrics reports; leads level 1 & 2 incident recoveries; may organize the efforts of other analysts as part of incident recovery; leads root cause analysis efforts.
Info Security Sr Advisor:
- Leads system and networkarchitecture support for information and networksecuritytechnologies;
- leads development and execution of risk assessment methodologies to fit business, regulatory, and technical environment considerations;
- leads the development of requirements, system architecture, and software design of security products and services;
- leads the development of strategies for discovery, evaluation and response to new networking attacks;
- develops security incident response plans and strategies.
- Provides trouble resolution and serves as point of technical escalation on complex problems.
- Creates presentations and seeks IT management approval and acceptance of significant replacements or reconfigurations of major security systems serving the Enterprise.
- Sets vendor strategy and direction.
- May be assigned to project teams for technical consultation to business partners and developers.
- Designs & engineers comprehensive access management and networksecurity technical solutions based on business requirements and defined technology standards; works with architecture to updatetechnology direction & strategy.
- Develops reports supporting strategy and direction for management. Capable of serving as technical merger & acquisition lead.
- Acts as a subject matter expert among peers, with manager and senior management.
Info Security Exec Advisor:
- Establishes architecture oversight and planning for information and networksecuritytechnologies; leads development of an information securityrisk management program that includes business, regulatory, industry practices and technical environment considerations; establishes strategic vendor relationships for security products and services; develops enterprise-wide security incident response plans and strategies that includes integration with business, compliance, privacy, and legal constituents and requirements; provides advanced level engineering design functions; provides trouble resolution and serves as point of technical escalation on complex problems.
- Creates presentations and seeks IT and business management approval and acceptance of significant replacements or reconfigurations of major securitytechnologies serving the Enterprise.
- Provides technical guidance and leadership to the technical engineers within the organization.
- Participates in the design of the enterprise architecture.
- Proposes opportunities to improve results based on targeted or continuous assessment.
- Researches relevant trends and activities in healthcare, business, competition and regulatory environments; recommends strategy adjustments.
- Participates in enterprise planning activity, including vendor assessment, technology platform selection & retirement, prioritization and integration.
- Capable of serving as technical merger & acquisition lead.
- Routinely acts as a subject matter expert for executive management.
All position levels require the followingqualifications:
- Must be capable of providing top-tier support for 4, 5, 6 or more of the information securitytechnology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) SecurityArchitecture and Design, 11) Telecommunications and NetworkSecurity.
- Security Certifications: CISSP or other technical security certifications.
- Provide expertise for an Enterprise Security Services infrastructure using CA SiteMinder Policy Servers, Web Agents and CA Directory Servers on Linux/ Solaris and Windows platforms.
- Provide expertise on Federated Single Sign-on Services using CA Federation Manager or equivalent tool like Ping Federation.
- Install and configure SiteMinder Web Agents with Apache, IBM HTTP, IIS and SunOne Web Servers on Linux, Solaris and Windows platforms. Install and configure Siteminder Application Server Agent on application Servers on Windows, Linux platforms.
- Support implementation of Multi Factor Authentication using SecureAuth or other equivalent tools like CA AuthMinder to help protect the organizational data and end-user identities by using two factor authentication.
- Install and configure CA SiteMinder Admin User Interface and ensure appropriate users have legitimate access.
- Implement logging and analyze using tools like Fiddler, http headers and utilize Splunk, Wily, SiteScope monitoring on SiteMinder to track and identify user activity as well as acquire intrusion reports of unauthorized attempts to access.
- Experience in multiple Authentication Methods:
- Windows Authentication, Kerberos, TLS/SSL and DTLS, NTLM, Smart Cards, Virtual Smart Card, Biometrics, Federation SSO – SAML, OAuth, Windows Authentication
The followingqualifications arepreferredfor all levels:
- Provide first response for production systems issues. Troubleshoot and revolve production issues to minimize any impact to clients.
- Implement Application Migration by coordinating and Performing Upgrade of Webagents.
- Responsible for overseeing audit compliance. Resolve application scan vulnerability issues to provide high application security.
- Implement customized methods of user provisioning for various SSO applications.
- Experience working with RSA or other equivalent tools to improve security.
- Work with upper management on feasibility of achieving requirements of client needs. Design and configure SiteMinder for performance and high availability by implementing load balancing and failover.
- Automate monthly service to increase performance. Create policies and responses to provide security for web applications.
- Work with for Active Directory to provide additional security functionalities such as user lock-out, inactive user, disabled user, forgotten password and change user password.
- Utilize CA Identity Manager and CA Service Desk. Manage the identities and access of users to internal and external applications.
- Experience working with Network teams and good understanding of F5 or Big IP
- Perform user provisioning and user management to provide appropriate access to applications and data. Track Incident Records and plan Change Records with proper approvals via CA Service Desk.
Info Security Advisor
- Requires BS/BA Degree; 5 – 8years experience in a support & operations or design & engineering role in any of the following areas: access management or networksecuritytechnologies, servers, networks, telecommunications, operating systems, middleware, disaster recovery, collaboration technologies, or hardware/software support; or any combination of education and experience, which would provide an equivalent background.
- Significant experience with multiple technical and business disciplines preferred.
- Working knowledge and understanding of industry-accepted data processing controls and concepts as applied to hardware, software, data, network communications, and people.
Info Security Sr Advisor
- Requires BS/BA in related field; 8+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required.; or any combination of education and experience, which would provide an equivalent background.
- Advanced knowledge and understanding of industry-accepted data processing controls and concepts as applied to access management and networksecuritytechnologies, hardware, software, data, network communications, and people.
Info Security Exec Advisor
- Requires BS/BA in related field; 10+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background.
- Expert knowledge and understanding of industry-accepted data processing controls and concepts as applied to access management and networksecuritytechnologies, hardware, software, data, network communications, and people.