The primary purpose of this position is to provide Information Security expertise and guidance, and lead efforts to ensure that the appropriate security controls are implemented and managed across business units. This position will also provide recommendations based on audits and assessments to ensure compliance and mitigate risk and will proactively identify areas where information theft/leakage is possible and provide solutions for mitigation. This position will also provide security solutions for compliance or areas of concern to the business.
Primary Duties & Responsibilities
- Develops and leads corporate security awareness program
- Coordinates, documents, and implements corporate security certification and compliance efforts
- Oversees and leads corporate crisis communication efforts
- Develops and maintains security policies, processes, and procedures
- Provides guidance and input on compliance oversight; areas to include PCI, HIPAA, export controls, etc.
- Integrates security governance into corporate IT governance
- Develops and maintains policies and procedures to address security questionnaires
- Leads efforts to respond to client questionnaires, ensuring responses are provided in a timely manner and with supporting documentation
- Configures, supports, and evaluates security tools
- Reviews IT initiatives and architectural designs to evaluate compliance with applicable security standards
- Conducts security audits, incident investigations, and provides recommendations to mitigate risks
- Reviews, modifies, and integrates security with disaster recovery and business continuity plans and ensures representation of security in change management process
- Develops and maintains remote access policies
- Maintains and conducts tests against a Security Incident Response Plan
- Performs vulnerability assessments against systems and network devices and provides recommendations for remediation based upon the results
- Interacts and provides consultation to senior management regarding acceptable IT security practices
- Performs security assessments, creates gap analyses, and develops a road map to continually improve enterprise security
- Develops information security training for employees regarding policy and procedures that help to minimize disruption and risk to the business
- Establishes metrics and KPIs to evaluate the high-level health of our security across the enterprise
- Leverages ITIL fundamentals to provide guidance and oversight for change management processes
- Bachelor's degree in Information Technology, Business Information Technology, or related field
- At least five (5) years of technical experience in an IT Operations organization, to include experience with Windows server operating systems, Linux/UNIX operating systems, and security compliance and auditing
Other Position Requirements:
- Demonstrated experience in public speaking and presentations.
- Ability to communicate effectively with executive leadership, highly technical employees and support personnel.
- Demonstrated knowledge of common protocols such as SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, Kerberos, RADIUS, SSH, Telnet, RDP, SCP, SFTP, and FTP
- Demonstrated knowledge of MDM policies
- Demonstrated knowledge of encryption types and practical uses
- Demonstrated experience in answering RFQs or RFIs from customers or business units
- Demonstrated experience in the use of security tools such as nmap or Wireshark
- Demonstrated experience in Risk Assessments
- Demonstrated experience with ITSM/ITIL best practices implementation
- Experience implementing security controls for Software Development Lifecycle (SDLC)
- 2 years of experience in a large enterprise with a retail or sales-based company
- 2 years of experience managing teams in IT Operations
- 5 years auditing experience
- CISSP, CCSP, CISA, or GIAC certifications
- ITIL certification
Data Privacy and Security:
- All Sirius employees are responsible for safeguarding the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security, and to report security violations to the appropriate Sirius authority.
- Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.
Travel will be required to perform audits and investigations, or as otherwise required by the functions above.
The above primary duties, responsibilities, and position requirements are not all inclusive.