Responsible for leading the engineering activities that evaluate cyber security risk and potential security threats to the company's ISP, Video, Voice, software and cloud systems. This position will work closely with network engineering, video engineering, product groups and technical operations staff performing cyber security risk assessment and management of existing and new business technologies and tools improve security operations, risk management processes and as security threats and vulnerabilities are detected and coordinate the response to mitigate and remediate the threat to Charter's network. Assessor will be a part of a team that conduct's the threat management and risk assessment processes for network security operations and communicate to executive leadership.
DUTIES AND RESPONSIBILITIES
- Implement, maintain and monitor threat intelligence data from various resources that is relevant to Charter's networks and systems
- Actively advises on and evaluates the impact of cyber threats.
- Recommend and implement processes and controls through risk assessment that establish appropriate governance structures for managing risk according NIST and other frameworks.
- Advise and provide consulting on security counter-measures.
- Recommend design security processes and solutions used by Network Security Operations.
- Develop security requirements for new projects and perform the security risk assessments prior to going into production.
- Perform and coordinate engagements with 3rd party service providers to perform ongoing security testing on critical assets.
- Ensure compliance with security standards, policies and procedures.
- Adhere to industry specific local, state, and federal regulations, as applicable.
BASIC / MINIMUM QUALIFICATIONS
- Bachelor's Degree in Information Security or related field and/or equivalent work experience
- Minimum of three (3) years IT/Network Engineering experience
- Minimum of three (3) years Information Security experience
ADDITIONAL JOB REQUIREMENTS
- Knowledge of network and system security vulnerabilities and exploits. Must understand what is required to prevent security exploits, how to detect security attacks and anomalies and how to respond to security incidents and intrusions.
- Proficient knowledge of related industry specifications and standards NIST, CSRIC, Firewalls, Intrusion Detection and Prevention, DNS, Routing, Ethernet, Transport technologies and protocols, network security design, network security architecture, TCP/IP protocols and topology.
- Proficient knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence and coordinate a unified security response.
- Related experience in conducting risk assessments across the organization, mission and business processes.
- Knowledge in cloud based applications, platforms and services security.
- Demonstrated leadership capabilities with the ability to work across functional boundaries, build consensus and drive results.
- Must have very strong written and verbal communication skills and should have good presentation skills.
- Must be a problem solver, able to balance competing priorities, have a strong process orientation and be able to manage through complexity and rapid change.
- Understanding of "ownership" of a project/program and the ability to execute on that with accountability
- Exhibit leadership skills working with cross-functional teams
- Subject Matter Expert (SME) with cybersecurity solutions and critical controls as you will be expected to consult and perform assessments against these items and architecture
- Have information security experience in a variety of industries and company types to show a depth and breadth of security acumen
- Excellent verbal communication and written composition skills with experience and confidence providing reports and consultation to internal clients and executive level staff
- A keen ability to discuss, consult on, and drive solutions around the Common Body of Knowledge (CBK) which is a comprehensive compilation of all the relevant subjects a security professional should be familiar with
- One or more of the following security training/certifications: CISSP, penetration testing, mobile device security, assessing/auditing networks, incident handler, or Splunk power user.
- Current security certifications, such as CISSP, ISACA, and SANS GIAC. Firewall, Intrusion Detection Systems, and/or other security technologies engineering
- Information Security Risk Management
- Cyber-security Consulting
- Cloud Security
- Security Information and Event Management (SIEM)