Monitor and implement information security safeguards for Hertz information systems and components
Manage and report on IT security compliance. Maintain and improve the compliance processes for Hertz computing resources to allow a reasonable and acceptable level of protection. Identify and mitigate possible security breaches (internal and external). Perform security assessments of critical computing resources.
Key Result Areas
- Conduct regular vulnerability and independent assessments.
- Conduct reviews of critical computing resources.
- Manage independent assessment efforts.
- Gather and analyze information from Hertz computing resources to identify possible security breaches including intrusions from outside (attacks) and inside (misuse) of the systems.
- Coordinate the efforts of internal and external resources required to resolve computer incidents as required.
- Maintain and improve log consolidation and event correlation system.
- Identify internal control risks, and suggest practical cost-effective solutions to eliminate or compensate for the risk in all areas.
- Conduct control reviews for operating systems, applications, and systems infrastructure.
- Develop techniques to automate and expand periodic reviews for areas of high-risk exposure.
- Track and report on the status of corrective actions for completed internal and external audits/assessments.
- Maintain an awareness of control issues in emerging technologies.
- Interface with internal and external auditors.
- Determine the need for policies, procedures, standards, and ensure ongoing compliance.
- Conduct special projects/analysis where objectivity and independence are required.
- Coordinate, gather and input Audit findings/responses
- Other duties as assigned
- Bachelor's degree in MIS, Computer Science, Business Management or other equivalent degree or experience
- 3 years' experience with IT risk assessments, COBIT methodology, PCI and SOX related projects.
- 1 year of audit experience with multi-platform technology (compliance tests with MIS policies, procedures, and standards).
- At least 1 year of IT and/or Information Security experience
- Working knowledge of MS Office (MS Word, Excel, Access, PowerPoint, etc.)
- Good collaboration, problem solving, and project management skills
- Ability to prioritize and multi-task
- Excellent written and verbal communication skills.
- Ability to work independently; work without day to day supervision
- Experience in managing multiple projects simultaneously
- Three years of systems security experience with multi-platform technology
- IT Security certification (CISSP/CISA/CISM)
- Previous hands-on experience as an IS Analyst or possess auditing credentials with an emphasis on IT auditing
- Enterprise security monitoring activities
- Experience in incident management and/or computer forensics