Essential Job Functions:
- Report to the Information Security Officer of USIS IT and be strategically involved in key security decision making for the Business Unit
- Assist with internal consulting, advisement and assistance for all aspects of Information Security
- Serve as subject matter expert in multiple security disciplines and security consultant for projects and troubleshooting efforts
- Work as the subject matter expert on USIS business unit IT platforms and infrastructure
- Participate in secure application and system development lifecycle activities and process assessments
- Implement threat modeling and formulate application security procedures and resolution plans
- Provide technical support services for application security remediation efforts.
- Work with the USIS business unit IT organization to proactively identify and address security observations/findings
- Serve as subject matter expert in multiple security disciplines and security consultant for IT modernization and innovation efforts.
- Evaluate and advise on policy exceptions for the business unit
- Perform business process related security risk assessments
- Maintain and monitor internal observations/findings for both internal customers and third parties
- Perform advanced countermeasure design, development, implementation, and assessment in conjunction with Security Engineering
- Lead small to mid-size security related projects to increase maturity of the Information Security program
- Assist with investigation and resolution of security events, and assist with disciplinary and legal matters associated with such events
- Understand how to manage a security event and crisis
Skills and Requirements:
- Bachelor's degree or an equivalent combination of education and experience required
- 6-8 years of security and networking experience
- Experience with application security testing and related efforts
- Understand Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), SSAE-16 attestations, ISO 27001 Standards, Payment Card Industry Data Security Standard (PCI DSS), NIST Standards, standard security practices, current and emerging privacy and security regulations.
- Strong communication skills, including strong verbal presentation skills. Ability to communicate security concepts to technical and non-technical audiences and to interact with all levels of the organization
- Experience working in a matrix environment with globally diverse team members
- Ability to work under pressure
- CISSP, CISM or related certification is a strong plus
- Leadership in intellectual engagement, work ethic; quality of work product
- Good judgment, integrity and follow through on commitments
- Team player who actively collaborates and commits to success of others.
- Pitches in where necessary to support team success
- Exhibits self-motivation to perform to the highest standard of excellence
- Results Focused. Focuses on the critical objectives that add the most value and consistently delivers results that meet or exceed expectations
- Relentlessly seeks, shares and adopts ideas and best practices in and outside the company and embraces change introduced by others