Manage and continuously improve a Cyber Security Compliance program. This would include conducting security business and infrastructure compliance reviews, security risk assessments for internal/external information assets. Perform Incident response and forensics responsibilities for Connecticut Children's Medical Hospital to ensure the confidentiality, integrity and availability of enterprise information resources. Provide recommendations to balance cyber risks and enable the business in a secure manner. Improve the overall security posture to meet the expanding and changing business needs of the organization.
These duties are not meant to be all-inclusive and other duties may be assigned.
- Experienced in performing security business application and infrastructure compliance reviews, risk analysis, forensics and penetration testing
- Actively monitor systems and networks for potential intrusions
- Lead, conduct and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings and remediation plans
- Manage remediation plans toward closure
- Define security standards & incident response plans to detect, respond and recover from security incidents using a risk based methodology
- Develop and document security policies and procedures, training and awareness
- Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations of new/updated applications and services
- Ensure business and technical requirements are aligned to security policies and are implemented within regulatory and corporate compliance.
- Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; related to forensics and incident response
- Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executives
- Must be self-directed, able to manage individual projects or act as part of a larger team.
Education and Experience
Bachelor's degree in Information Systems or equivalent
Minimum of six (6) years of enterprise security related work experience. Minimum of four (4) years incident response/forensics experience. Previous 24 x 7 operations experience
Licenses and Certifications
Certified Information Systems Security Professional (CISSP) minimum upon hire or related certification: CISM, PCI QSA, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA)