Business Information Security Officer - Business Services

5 - 7 years experience

Salary depends on experience
Posted on 04/11/18
Boca Raton, FL

The Information Security Officer will ensure that business units design and maintain products and services that comply with the organizational information security policies and programs and match or exceed industry standards, helping drive the overall information security strategies into tactical and operational goals for the specific business unit. You will be responsible for performing risk, control objectives and compliance assessments and threat analysis where applicable by understanding the key assets and processes, identifying the threats, risks and appropriate controls, evaluating the residual risk and suggesting incremental controls, where necessary. Your role as BISO is to be engaged with the business unit, acting in a consultative way to ensure security policies are being adhered to and incorporated into their processes, procedures and applications. You will interact daily with supervisors, peer groups, and customers. Interaction normally involves exchanges or presentation of factual information.

The candidate will be part of the Information Security team responsible for Security platform architecture, engineering, Operation and audit for LexisNexis Risk Solutions Inc.

The candidate is expected to be the security expert for the assigned business unit and a liaison between the business and Information Security.

Qualifications:

  • Bachelor’s degree in Computer Science, MIS or IT Security or equivalent experience. A Master’s Degree is highly desirable
  • Industry certification such as CISSP, OSCP, CSSLP, CISA, SCNP, CCNA Security, and/or CEH

Technical Skills:

  • Solid understanding of vulnerability assessment, threat analysis and reporting
  • Understanding of promotion of security policies
  • Implementation of security programs
  • Dataflow diagrams and UML
  • Threat modeling and risk analysis
  • Understanding application security risks and controls
  • Agile and Waterfall development methodologies
  • Strong written and verbal communication skills
  • Problem solving skills
  • Knowledge of security environments
  • Installation/Troubleshooting in web-based environments

Requirements:

  • 5+ years of IT security experience
  • 1+ years of development experience in one or more of the following: C#, C++, Java, JavaScript, ASP.NET, or PHP
  • Hands-on experience performing application static security and penetration assessment with tools such as AppScan, Fortify, BurpSuite, OWASP ZAP Proxy, WebInspect, and Veracode
  • Solid understanding of security and network infrastructures - switches, routers and firewalls; TCP/IP networking theory
  • Ability to recognize and escalate Security issues
  • Good understanding of defensive, corrective and detective controls and requirements
  • Familiarity with different types of security vulnerabilities and tools for countermeasure
  • The candidate should be well versed in Information security principles at an Intermediate level
  • Previous analytic and troubleshooting experience is required
  • The candidate must demonstrate an ability to work across departments
  • Understand the life cycle of information as it pertains to Security
  • Knowledge of OWASP Top 10/SANS Top 25; ability to identify vulnerabilities via manual and automated testing methods and to effectively remediate the vulnerabilities associated with each
  • Intermediate knowledge of Security Audit Process
  • Expert knowledge of Business Continuity plans/Disaster recovery
  • Work expertise in product development Security, preferably with exposure to application security testing (source code review and web/mobile application penetration tests) 
  • Provide regular, timely reporting on the information security status across the supported business units
  • Understanding and application of information security principles
  • Computer literate, especially MS Excel, PowerPoint, and MS Outlook

Employee Attributes/Competencies

  • Strong interpersonal skills including the ability to effectively work and actively communicate with people and cross functional teams.
  • Excellent oral and written communication skills as well as strong organizational skills.
  • Strong analytical skills, with an eagerness to work hard and achieve exemplary results.

LNR006BF
