MAJOR RESPONSIBILITIES 

POLICIES, PROCEDURES, & STANDARDS:

Maintains an up-to-date understanding of industry best practices. Develops, enhances and implements of enterprise-wide security policies, procedures and standards. Monitors the legal and regulatory environment for developments.  Recommends required changes to IT policies and procedures. Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained. Monitors compliance with security policies, standards, guidelines and procedures. Ensures security compliance with legal and regulatory standards.

BUSINESS REQUIREMENTS:

Engages directly with the business to gather a full understanding of project scope and business requirements. Works with customers to identify security requirements using methods that may include risk and business impact assessments. Consults with other business and technical staff on potential business impacts of proposed changes to the security environment. Provides security-related guidance on business processes.

RISK ASSESSMENTS AND SECURITY TESTING:

Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk. Conducts business impact analysis to ensure resources are adequately protected with proper security measures. Assesses potential items of risk and opportunities of vulnerability in the network and on information technology infrastructure and applications. Reviews risk assessments, analyzes the effectiveness of IT control activities, and reports on them with actionable recommendations. Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps. Manages the oversight of technical risks assessments, such as vulnerability scanning and penetration testing. Performs data breach simulations and testing

APPLICATION SECURITY

Assesses application threats, vulnerabilities, risks and compliance Recommends the appropriate information security controls and measures for Applications. Develops and manages security measures for Applications to prevent security breaches. Manages application security documentation (compliance documentation, security plans, risk assessment, corrective action plans, etc.). Consults with clients on the application security

SECURITY AUDIT:

Performs security audits. Participates in security investigations and compliance reviews as requested by external auditors.

COMMUNICATIONS/CONSULTING:

Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned. Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle. Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project. Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information.​ Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

VENDOR MANAGEMENT:

Works with third party vendors during problem resolutions. Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.​

COACHING/MENTORING:

Provides ongoing knowledge transfer to team members and clients on security policies, products and standards. Mentors less-experienced team members.

QUALIFICATIONS:

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience. Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms. A high proficiency level in specific job related skills is required.
• Typically requires 5 – 7 years of combined IT and security work experience with a broad range of exposure to security testing, compliance, vulnerability management, risk management, application security, and DevSecOps. Experience designing and implementing security processes, functions, and solutions. 
• Willingness and ability to travel domestically and internationally, as necessary.

Preferred Skills, Knowledge and Experience:

• CISSP certification CISA certification
• Security Certification (i.e., Certified Information Systems Security Professional (CISSP).
• Effective in written and verbal communication in English (desired)
• Vendor Management experience Project Management experience Risk Management experience Incident Management experience Vulnerability Management experience Threat Management experience Application Security and OWASP experience Compliance Management Experience