Identifies, develops and deploys global cyber security controls across the enterprise, leveraging Owens & Minor's assets, network and data to identify threats. Collaborates with IT Infrastructure Teams, supporting the end-to-end secure deployment of cyber security technologies and disciplines (antivirus, DLP, web filter and ATP, etc.).
ESSENTIAL JOB FUNCTIONS:
- Through review, analysis and documentation of current baselines, develops target cyber security and technology postures.
- Performs gap analysis of the current baseline against the target architecture.
- Evaluates, develops and applies appropriate tools to capture, analyze and model various viewpoints of the domain architecture.
- Defines metrics and methodologies to measure domain performance of applying new technologies.
- Reviews, designs and re-engineers domain processes with new technologies to improve domain performance.
- Defines cyber security control requirements for the network technologies.
- Provides centralized IT security services to the organization, developing processes and policies to reduce associated costs
- Operates as a first line of defense to ensure compliance with IT requirements, including Data Loss Prevention.
- Provides consultation and subject matter expertise to the organization on cyber security issues
- Researches, engages, and manages third party vendors where relevant to support functional objectives.
- Provides thought leadership to the function and broader cyber security organization, driving transformational change and capability uplift across the enterprise.
- Collaborates with various layers of management across cyber security and other IT teams to develop solutions that protect the organization.
- Designs and drives the implementation of service offerings, capability uplifts, and process improvements to protect the bank for a continuously changing threat landscape.
- Participates in focus activities as required, including backlog reduction.
SUPPLEMENTAL JOB FUNCTIONS:
- Performs additional duties as directed.
EDUCATION & EXPERIENCE REQUIRED:
- Bachelor's Degree required; concentration in Information Systems, Computer Science, or Information Security highly preferred
- Four (4) or more years IT Security professional experience within in a corporate role or large agency
- Five (5) years as an IT Security Endpoint Engineer preferred
- Global IT security experience/exposure and/or SANS certification highly preferred
- Or any combination of education and experience to meet the above requirements
KNOWLEDGE SKILLS & ABILITIES:
- In depth knowledge of IT security, and of working in a heterogeneous environment of diverse applications, systems, databases, SaaS solutions, and on premise/Cloud-based security offering
- Strong understanding of IT security and risk mitigation strategies
- Ability to create clear and concise documentation targeted at the appropriate audience (IT executives, Internal Business Clients and technical teams)
- Expert understanding of Active Directory / Federation Model, Multi-factor authentication, SSO, SAML, OAUTH, SSL Certificates, etc Experience with Citrix Products, VMware Products, Microsoft App-V and Microsoft Windows Registry / User Profiles
- Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs)
- Intimate knowledge of the Cyber Kill Chain and other relevant network defense and intelligence frameworks
- Experience with collecting, analyzing, and interpreting technical data from multiple sources, documenting the results and providing meaningful analysis products
- Ability to deliver assertive, quality verbal and written communication
- Must be capable of creating architecture and related documents for pre-existing solutions and implementations
- Must be capable of collaborating with others regarding critical security decisions and policy and have others feel their input is being considered when decisions affect multiple teams and/or the business