Date Posted: March 9, 2018
Job Title: IT Security Specialist I (IT)
PLEASE NOTE: CANDIDATES MUST POSSESS A CISSP CERTIFICATION AS A PRE-REQUISITE FOR THIS POSITION (Noted Below Under Education/Experience Requirements)
· Plan, execute, and manage multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness
· They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization.
· These individuals provide expertise and assistance to ensure the company's infrastructure and information assets are protected.
· Information Security professionals develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines.
· They perform security assessments and security attestations.
· To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions.
· They update, maintain and document security controls and provide direct support to the business and internal IT groups.
· These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
· They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
- Develops and manages security for multiple IT functional areas (e.g., applications, systems, network and/or Web) across the enterprise.
- Develops and manages enterprise security services such as password auditing, network-based and Web application-based vulnerability scanning, virus management and intrusion detection.
- Develops security solutions for complex assignments.
- Works on multiple projects as a member or technical lead.
Departmental Responsibilities (or the top 3 skills)
- Experience working with security frameworks such as HITRUST, ISO, NIST, etc. for building an information security program to manage risk and reduce vulnerabilities. Experience in developing and implementing Information Security Policies and Procedures for ongoing management of information security controls in an enterprise environment.
- Experience working with cross-functional teams - auditors, technical resources, legal and business areas - to produce the responses and evidence requested in security questionnaires and audits conducted by existing customers.
- Understanding of the security risks associated with the “Human Factor” of security, the methods hackers employ to steal an organization’s proprietary information, and the social engineering awareness programs used to elevate the security competencies of the workforce and motivate better security decisions.