GENERAL STATEMENT OF DUTIES AND RESPONSIBILITIES
Provides information security subject matter expertise for the design, implementation and operation of IT infrastructure. Responsible for IT Risk Management, Training, Awareness, Policy, Information Governance and Asset Inventory, PCI Compliance. Monitor and advice on information security issues related to the systems and workflow to ensure the internal security controls for the entire system are appropriate and operating as intended. Respond to inquiries; maintain liaison with various agencies; and perform related work as required.
DETAILED STATEMENT OF DUTIES AND RESPONSIBILITIES
· Works with system owners to ensure that appropriate security controls are designed and implemented.
· Evaluates and recommends security solutions such as firewalls, anti-virus, SPAM filtering, web filtering.
· Performs virus cleanup, manages AV console
· Manages web filtering; communicates with various personnel
· Performs vulnerability scanning
· Manages end-point security and software firewall
· Conducts periodic information security risk assessments.
· Designs security standards.
· Advises departments on regulatory requirements and security best practices.
· Validates that security controls are deployed to meet PCI requirements.
· Conducts and/or manages third-party security assessments.
QUALIFICATIONS REQUIRED
· Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. CISSP or CISA certifications preferred.
· 3 years experience in working in a PCI-DSS credit card environment.
· Ability to analyze and determine the applicability of data, to draw conclusions and make appropriate recommendations;
· Ability to gather information by examining records and documents and by questioning individuals.
· Ability to assemble items of information in accordance with established procedures.
· Ability to determine proper format and procedure for assembling items of information.
· Ability to maintain accurate records;
· Ability to prepare and use charts, graphs and tables;
· Ability to prepare general reports.
· Ability to write concisely, to express thoughts clearly and to develop ideas in logical sequence.
· Ability to supervise, including planning and assigning work according to the nature of the job to be accomplished, the capabilities of subordinates and available resources; controlling work through periodic reviews and/or evaluations; determining subordinates' training needs and providing or arranging for such training; motivating subordinates to work effectively; determining the need for disciplinary action and either recommending or initiating disciplinary action.
· Knowledge of secure coding techniques, Active Directory, patching using SCCM etc.
· Additional IT experience as a programmer, system administrator or network engineer preferred
· McAfee EPO
· Rapid 7
· Websense
· Knowledge of the principles, practices and techniques of supervision.
· Knowledge of the laws, rules, regulations, policies, procedures, specifications, standards and guidelines governing assigned unit activities.
MINIMUM REQUIRMENTS
· BA or BS in Computer Science, Management Information Systems, or related field.
· Five years of progressive experience in computing and information security, including experience with Internet technology and security issues.