Job Description
Reporting to the VP the Security manager provides security consulting support for general IT & Information Assurance specific projects as well as operational support on defensive systems.
Key Responsibilities
1. Hands-on security systems operation for IDS, SIM, Security Auditing / Vulnerability Scanning,
2. Develops and coordinates the development of security policies, standards, and procedures; collaborates with other divisions, data owners and division managers in the development of policies to ensure proper security safeguards are achieved.
3. Develops and implements an ongoing risk assessment program, including recommending methods and overseeing vulnerability detection and testing.
4. Develops security awareness training and training materials on information security for employees and other authorized users; collaborates with SLU training staff to establish a standardized information security awareness and training program.
5. Develops and implements incident reporting and incident response processes and procedures to address a security incident/breach, violation of policy or complaint; serves as a point of contact for information security inquiries and audits; performs other duties as assigned.
Secondary Responsibilities
1. Managing audit issue remediation efforts.
2. Hands-on and coordination (where appropriate) of remedial measures for security events, incident and vulnerabilities.
3. Co-ordinate technical resources to support network security incident handling for virus outbreaks, etc.
4. Generate regular and ad hoc reports on network security posture: event aggregation, detection statistics, access violations, remedial actions.
5. Assist in IT security governance development and gap analysis.
6. Keep abreast of industry security trends and current network threat profiles.
7. Support / coordinate vulnerability management services for the organization.
Required Skills
1. Knowledge and experience in Windows, Linux/Unix, VMWare administration
2. Understanding of security/virus incident response.
3. Ability to communicate both written and oral; and interpret technical information relating to information resources technology in a non-technical manner
4. Understanding of security event reporting and analysis processes/technologies
5. Understanding of information security risk assessment processes
6. Undergraduate degree in Computer Science, Computer Engineering or similar field, Graduate degree preferred.
7. CCSP, CISSP MCSE 2003+ (if not, must be willing to attain with 12 – 24 months)
8. McAfee TOPS Advanced / IntruShield / Foundstone Scanner / ePO, Fortify 360, Firewalls, Citrix, Cisco VPN / Secure, Netilla, Tufin, Envision, BlueCoat, ProofPoint, Voltage, Active Directory, & Radius
9. 5-8+ years of related experience
Required Experience
1. Familiarity with financial services regulations and control documentation requirements.
2. Broad understanding of current information security technologies, security industry trends, etc.
3. Quick Learner, adaptable, flexible, and team player
4. Any of the following certifications: CEH, CCNP, CISA, CCE (or other computer forensic certification), Security+, ITIL, GIAC, PMP, CISA, CISM, CISSP