Job Description Job Summary:
Consults on a senior level and provides professional support for major components of the company's information security program. Responsible for supporting the technical analysis, design consulting and product review of security components. Leads the identification of new tools and techniques. Evaluates and assesses existing technical issues by researching and identifying innovative solutions to broad and complex information security challenges. Manages components of various projects to completion, consulting with various corporate teams, both within the IT and business environments to define information security solutions.
Job Duties and Responsibilities:
- Provides leadership to the development and implementation of security architecture, standards, procedures and guidelines for multiple platforms in diverse system environments. Ensures that security concerns are addressed and mitigated and that are appropriate standards are defined and published.
- Often drives the evaluation, testing and implementation of emerging technologies, information systems security issues. Presents proposed security enhancements to management for approval, funding and implementation.
- Perform security assessments and review networking initiatives for security compliance. Prepare status reports and "informational" metrics on security matters; develop security risk analysis scenarios and response procedures.
- Serve as a resource regarding the security of data networks and centralized data frameworks, to include coordinating activities with the business unit, users and external networks.
- Robust operational knowledge of the TCP/IP stack, network protocols, network topology and architecture, Windows and Unix operating systems, system logs events, anti-virus technologies, authentication systems (AD, LDAP, RADIUS, RACF), DNS, DHCP, SNMP, NetFlow, IP and application development processes/lifecycles
- Provide input into the design, implementation, and maintenance of the information security architecture. Analyze, review, and determine the technical requirements necessary to mitigate the security risk for Information Technology needs, plans, and initiatives.
- Implement and maintain required security tools. Investigate information security violations; monitor and communicate technical vulnerabilities.
- Recognize and identify potential areas where existing security policies and procedures require change, or where new ones need to be developed. Conduct risk assessments and security briefings; advise management of critical issues.
- Evaluate products and/or procedures to enhance productivity and effectiveness. Provide direct support to the company and IT staff for security related issues. Coordinate security awareness programs and provide education on security policies and practices. Provide consultations on security issues regarding new and existing systems.
- Monitor IT assets for security requirements to include procedures, software, and integrity.
- Work to build and maintain a security sensitive mindset within the company culture.
- Lead major projects and initiatives with a low level of management oversight
- Assist with the development, implementation, monitoring, maintenance and compliance of all information security standards, policies, and procedures.
- May lead the activities or work of the team. Provide leadership and direction to members of the department, performing those responsibilities in accordance with the Company's policies and applicable laws. May provide input on interviewing, hiring, planning, assigning or directing work, appraising performance, and resolving problems.
- Serve in the on-call rotation that ensures 24x7 coverage of the corporate security infrastructure and network environments, assuming responsibility for resolving or escalating any network issues that arise during own on-call period
- Generate security/network-related Management Information for regular internal reporting, including producing some high-level analysis of any emerging trends.
- Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
- Perform other related duties as required.
Additional Information Minimum Education: Bachelor's Degree in Information Technology, Business Administration, or related field.
Minimum Experience: 8 years of information security experience to include a background in a multiple information security technologies (e.g. intrusion detection, penetration testing, identity and access management).
Required Knowledge, Skills, & Abilities:
- Knowledge of various information security concepts and technologies such as identity management, network security, risk assessment, application security, platform security, security monitoring.
- Extensive knowledge of industry standard information security practices and processes. Seen as a thought leader, innovator and change agent.
- Robust information security knowledge of firewall systems, IPS systems, proxy systems, load balancers, remote access systems, packet capture procedures and applications, packet capture analysis, vulnerabilities, OWASP, and patching best practices
- Knowledge of network intrusion techniques, vulnerabilities, exploits, advanced malware, and the corresponding detective and preventative techniques
- Solid understanding of governance, compliance and audit regulations related to the financial services industry. (FDIC,OCC,FINRA,GLBA,SOX,PCI)
- Strong oral and written communications skills with the ability to communicate to technical and non-technical audiences.
- Strong analytical and problem-solving skills.
- Strong team-oriented interpersonal and communication skills.
- Solid project management skills in planning and monitoring projects in a cross-functional environment.
- Ability to solve problems independently, quickly, and completely and to communicate them clearly to management.
- Ability to adapt to rapidly changing technology and apply it to business needs.
- Ability to assist with network and application troubleshooting; provide technical consulting support.
- Ability to lead projects with very limited oversight