24 Hour Fitness

Information Assurance Security Administrator

24 Hour Fitness
$70K — $95K *
US-Anywhere
Remote in California, US
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 1+ years experience in a related field beneficial for success.
  • Associate's degree or relevant professional experience preferred.
  • Security+ or equivalent entry-level certification required.
  • Familiarity with CIS CSC 18 and PCI standards essential for compliance.
  • Strong communication skills needed for collaborative work and documentation.
  • Proficient in Firewall, UNIX, Microsoft Systems, and application security.

Responsibilities

  • Collaborate with the Information Assurance team to produce compliance documentation for security goals.
  • Monitor and update organizational security policies as needed.
  • Conduct internal audits of IT controls and compliance to policies.
  • Proactively seek out cyber-security threats and vulnerabilities.
  • Develop methodologies for tracking and maintaining critical asset inventories.
  • Assist with IT Security posture assessments through internal and external evaluations.
  • Engage in security awareness training by creating materials and conducting sessions.

Benefits

  • Provides opportunities for professional development and career growth.
  • Engages with a dynamic team in a collaborative environment.
  • Contributes to a critical area of business protecting sensitive information.
  • Exposure to advanced security practices and technologies.
  • Opportunity to participate in industry-standard compliance assessments.

Full Job Description

JOB SUMMARY

The Information Assurance Security Administrator is responsible for collaborating with the information assurance team to demonstrate and achieve the 24 Hour Fitness-wide Information Assurance product goal, along with metric-based reporting for security implementation and compliance. This position performs system analysis techniques and procedures, including collaborating with team members, to determine hardware, software or system security specifications. This position documents, analyzes, and creates testing or modification of security systems or programs in accordance with user and/or system design specifications. This position develops methodologies to track interdependencies of critical assets with entities outside the organization and to inventory and classify critical assets (data, hardware, and software). This position monitors an organizational security architecture plan, performs end-to-end IT security assessments, and ensures discrepancies are corrected. This position administers organization-level monitoring systems and performs manual cyber-security threat discovery (i.e., threat hunting) to identify, prevent and potentially remediate cyber-security threats to the organization.

ESSENTIAL DUTIES & RESPONSIBILITIES

Policies and Procedures
  • Collaborate with the Information Assurance team to produce documentation that demonstrates and/or supports the information assurance product goal using existing internal documentation, industry standards, and state and federal government legislation (e.g. CIS CSC 18, NIST CSF, PCI, CCPA, etc.).
  • Collaborate with the Information Assurance team to develop and maintain IT Security Systems and Infrastructure Security.
  • Collaborate with the Information Assurance team to develop and maintain the enterprise-wide threat model.
  • Review and maintain internal security policies and procedures.

Compliance and Enforcement
  • Collaborate with the Information Assurance team to update and maintain organizational PCI compliance documentation.
  • Perform, assist with, and document investigations of internal policy infractions.
  • Collaborate with the Information Assurance team to identify and document cyber-security risks and develop cyber-security risk mitigation plans.

Infrastructure Support and Initiatives
  • Implement and maintain IT Security Architecture documentation.
  • Collaborate with the Information Assurance team to develop methodology to track interdependencies of critical assets with entities outside the primary organization.
  • Research, develop, document, and implement tracking and inventory methodologies for maintaining inventory of critical assets (hardware and software).

Audit and Assessment
  • Assist with internal and external assessments of 24 Hour Fitness's IT Security posture.
  • Perform internal auditing procedures of organizational level IT controls and policy compliance.
  • Design, implement, document, and evaluate computer security programs.

Incident Response
  • Participate as a member of the Computer Security Incident Response Team (CSIRT).
  • Proactively search for and identify cyber-security threats to the 24 Hour Fitness enterprise.

Security Training and Awareness
  • Produce end user documentation and security awareness training materials.
  • Provide in-person security awareness training.

Other duties as assigned by manager.

ORGANIZATION RELATIONSHIPS

The Information Assurance Security Administrator reports to the Information Assurance Manager. Assists with audits and investigations as directed. Participates in Information Assurance Scrum Team events as required.

REQUIRED QUALIFICATIONS

Knowledge, Skills & Abilities
  • Experience working with CIS CSC 18 computer security programs.
  • Familiar with Payment Card Industry (PCI) standards and assessment process.
  • Experience with network and host-based intrusion detection and prevention.
  • Understanding and familiarity with computer forensic analysis tools and methodologies.
  • Proficient in Firewall, UNIX, Microsoft Systems, and Application security and auditing.
  • Experience with writing computer security policy documentation.
  • Strong verbal and written communication skills.

Minimum Educational Level/Certifications
  • Associate's degree in related field, or relevant professional experience.
  • Security+ or equivalent entry-level certification.

Minimum Work Experience and Qualifications
  • 1+ years experience in a related field.

Physical Demands/Environmental Conditions
  • Normal day-to-day business operations including using a keyboard, walking, bending and reaching.

Travel Requirement
  • Travel is not routine but may be required.

PREFERRED QUALIFICATIONS

Knowledge, Skills & Abilities
  • Proficiency in Python.
  • Familiarity with penetration testing techniques and tools.
  • Familiarity with Agile values and principles.
  • Familiarity with the Scrum pillars as well as Scrum values and principles.
  • Experience with auditing and gathering evidence in support of audit findings.
  • Experience writing reports of findings related to audits and tests.

Educational Level/Certifications
  • CASP and/or SANS GIAC certification is strongly desired. If the candidate does not possess the CASP certification upon being hired, the candidate will be required to obtain the certification within one calendar year of being hired.

Work Experience and Qualification
  • Previous experience in either a publicly traded company or a government entity.
  • Experience with vulnerability scanning.
  • Exposure to software security testing.
  • Understanding of application and system logging and analysis.

About 24 Hour Fitness

24 Hour Fitness is a privately owned and operated fitness center chain headquartered in San Ramon, California. It is the world's largest fitness chain based on memberships and the third in number of clubs behind Gold's Gym and Fitness First. The company operates over 400 clubs in 13 states in the US and serves nearly 4 million members. 24 Hour Fitness offers a variety of fitness equipment, group exercise classes, personal and group training, and other services. The company was founded in 1983 and is owned by AEA Investors and the Ontario Teachers' Pension Plan.
Size: 20,000 employees
Founded: 1983
