- Provides professional support to the team for major components of the company's information security program Responsible for supporting the technical analysis, design consulting and product review of security components. Assists in identifying new tools and techniques. Evaluates and assesses existing technical issues by researching and identifying innovative solutions to broad and complex information security challenges. Provides support for projects to completion, consulting with various corporate teams, both within the Information Technology and business environments to define information security solutions.
Job Duties and Responsibilities:
- Provides support in the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Ensures that security concerns are addressed and mitigated, and appropriate standards are defined and published.
- Supports the evaluation, testing and implementation of emerging technologies, information systems security issues.
- Performs security assessments and reviews networking initiatives for security compliance. Prepares status reports and "informational" metrics on security matters; develops security risk analysis scenarios and response procedures.
- Serves as a resource regarding the security of data networks and centralized data frameworks, to include coordinating activities with the business unit, users and external networks.
- Provides input into the design, implementation, and maintenance of the information security architecture. Analyzes, reviews, and determines the technical requirements necessary to mitigate the security risk for Information Technology needs, plans, and initiatives.
- Implements and maintains required security tools. Investigates information security violations; monitors and communicates technical vulnerabilities.
- Recognizes and identifies potential areas where existing security policies and procedures require change, or where new ones need to be developed. Conducts risk assessments and security briefings; advises management of critical issues.
- Evaluates products and/or procedures to enhance productivity and effectiveness. Provides direct support to the company and Information Technology staff for security related issues. Coordinates security awareness programs and provides education on security policies and practices. Provides consultations on security issues regarding new and existing systems.
- Monitors Information Technology assets for security requirements to include procedures, software, and integrity.
- Participates in the on-call rotation that ensures 24x7 coverage of the corporate security infrastructure and network environments, assuming responsibility for resolving or escalating any network issues that arise during own on-call period
- Works to build and maintain a security sensitive mindset within the company culture.
- Supports major projects and initiatives with a management oversight
- Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise, and report known or suspected violations to the appropriate Company authority in a timely fashion.
- Performs other related duties as required
The information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Synovus is an Equal Opportunity Employer supporting diversity in the workplace.
- Bachelor's Degree in Information Technology, Business Administration, or related field.
- Six years of information security experience to include a background in a multiple information security technology (e.g. intrusion detection, penetration testing, identity and access management)
- Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE), and/or Certified Network Engineer (CNE) are preferred.
Required Knowledge, Skills, & Abilities:
- Knowledge of various information security concepts and technologies such as identity management, network security, risk assessment, application security, platform security, security monitoring
- Basic knowledge of industry standard information security practices and processes
- Advanced directory services knowledge.
- Role-based access control knowledge (How to map/implement)
- Familiarity with REST API/SOAP/Connectors and how to integrate with them.
- Application implementation/onboarding experience (working with lines of business to onboard applications accounts to CyberArk and creating service accounts/safes within CyberArk)
- Good oral and written communications skills with the ability to communicate to technical and non-technical audiences
- Strong analytical and problem-solving skills
- Strong team-oriented interpersonal and communication skills
- Ability to solve problems independently, quickly, and completely and to communicate them clearly to management
- Ability to adapt to rapidly changing technology and apply it to business needs
- Ability to assist with network and application troubleshooting; provide technical consulting support