POSITION DESCRIPTION:
This position is responsible for designing methods of efficient troubleshooting for multiple disciplines of Information Technology security including, but not limited to, access control, regulatory compliance (SOX, PCI), privacy (DPA, GAPP), network/telecommunications, cryptography, operations and application security. This entails evaluating technologies that align with defined business needs. Also assess problems impacting IT system stability due to security related issues and administers existing and new security tools according to best practices and compliance guidelines.
DUTIES AND RESPONSIBILITIES:
Design and engineer IT security solutions using a combination of tools, best practices and procedures to enhance systems security related to onboard guests, employees, crew members and corporate private and confidential data.
Test, coordinate, push and monitor security patches, anti-virus, and anti-malware to computers, laptops and servers and predefined maintenance windows.
Investigate, escalate and implement immediate corrective action for critical security incidents that render company applications inaccessible; analyze incidents and evaluate lessons learned to create educational opportunities.
Resolve incidents and troubles that impact systems and security measures. Run patch validation monthly with business units and IT disciplines for confirming system stability post security changes. Monitor and review logs monthly for meeting SOX and PCI compliance standards.
Run quarterly report and analyze results to identify and classify the location of private and sensitive information. Quarantine data in a secure location and work directly with the department head regarding the access required for team members to the quarantined data. Report findings, solutions, and timeline to the IT Manager and IT Director.
Run penetration testing quarterly for the discovery of vulnerabilities in the network and web facing applications.
Highlight and escalate to management any potential vulnerability or breach from internal and external sources.
Audit firewall rules quarterly to ensure high risk ports are blocked.
Audit virtual server environment and work with server team to reduce risk of regulatory compliance failure. Correct any vulnerability that could expose critical data to unauthorized access.
Perform other job related functions as assigned.
QUALIFICATIONS:
Bachelor’s Degree in Computer Science or related field of study; or any equivalent combination of relevant work experience and training.
Possess current CISSP, Security +, and MCSE.
Minimum 6 years experience in technical security field with in-depth network or server administration background strongly preferred.
2 years experience working with Cryptography.
Previous implementation of an identity Access Management tool preferred.
Previous experience in the virtualized server and desktop environment preferred.
Expert level knowledge of Active Directory.
Project management skills strongly preferred.
Ability to demonstrate in depth knowledge of the OSI model and how security impacts each layer.
Working level knowledge of varying privacy laws around the globe and how each impact privacy data.
Public-speaking skills to effectively report findings and solutions to groups.
Interpersonal skills to work in a team based environment.
Ability to handle confidential information and maintain professional discretion.
Within reasonable accommodation, ability to sit for long periods of time and see various colors for wiring, alerts, and security status.
Must be able to travel to international offices and to ships for security related audits, training and implementations.
Ability to work on -call on a rotational basis on weekends and evenings.
Ability to work well under pressure on multiple functions and shift priorities per business demands.
Ability to convert technical challenges and solutions into understandable common terms for presentation and notification purposes.
Good command of English and business writing skills sufficient to compose corporate emails, policies and procedures.
Ability to build and nurture positive working relationships with internal customers with the intention to exceed expectations.
