Information Security Specialist
We have an exciting opportunity for an articulate, creative and enthusiastic team player to join our team as an Information Security Specialist. The ideal candidate will have prior experience working in an enterprise helpdesk environment, possess technical experience in client/server hardware/software, excel in the area of customer service, and operate as a valued team member in this customer-centric position. The ability to build rapport with potential and existing customers is vital.
- Provide guidance and expertise in the field of risk management regarding the protection and security of data.
- Capture / document organization's security posture through risk assessments.
- Propose technical solutions to management and senior IT staff to address security weaknesses and coordinate with relevant stakeholders to implement.
- Present findings in a professional manner, recommending mitigations either via new technology, alternative compensating controls, or policy modifications for improving overall security posture.
- Design / develop information securityarchitectures that support control implementation within existing architectures.
- Support business stakeholders at the highest levels in the implementation, remediation, monitoring, and maintenance of security policies, standards, controls, and security corrective actions across the organization, leveraging sound technical knowledge and security concepts.
- Minimize securitythreats by examining governance, technologyinfrastructure, and facilities to identify security deficiencies, using risk analysis and follow up with corrective action plan.
- Manage incident handling processes which include implementation of containment, protection, and remediation activities.
- Supportsecurity training and awareness by providing ideas and content to the training team as well as conducting presentations on hot security topics for stakeholders, as needed.
- Develop / maintain the documentation for Information Security Policies, Standards, and Procedures. Design / implement / perform internal security reviews.
- Perform project management of security initiatives from concept to implementation. Stay knowledgeable of company and industry security standards.
- Travel to offsite datacenters / branch locations as required.
- Work overtime / weekends as required, including on callsupport during off-hours.
- Enterprise Domain experiencerequired. Knowledge of Active Directory, DNS, DHCP, GPO, PKI.
- Understanding of networking concepts and configurations.
- Understanding of networking protocols (TCP, UDP, SSH, SSL, etc.).
- General knowledge of Endpoint protection solutions.
- General knowledge of mainstream operating systems (Microsoft Windows, UNIX and Linux) and a wide range of securitytechnologies.
- General knowledge of Databasetechnologies and queries (Microsoft SQL, MySQL, Oracle, etc.).
- Strong understanding of information technology tools and concepts.
- Strong knowledge of Information Security principles/processes and experience writing/maintaining information security policies, standards, and guidelines.
- Strong knowledge of common security frameworks (ISO, NIST, HiTrust)
- Strong knowledge of varying industry data standards (PCI, HIPAA, etc.)
- Strong knowledge of industry standard security guidelines.
- Experience in risk assessments and vulnerability management.
- Experience in developing or administering an information security program preferred. Familiar with information sharing specifications, as pertains to Information Security. Well versed in project management procedures and concepts.
- Strong analytical and problem solving skills.
- Strong focus on customer service required.
- Excellent verbal and written communication skills required.
- Ability to maintain productive working relationships with peers required.
Certification(s) in Information Security areas such as CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor) are preferred. Bachelors of Science degree in Computer Science, Engineering, Computer Security, Information Systems, or related field - or an equivalent combination of education and experience.