Purpose:
The IT Information Security Officer will oversee Information Security, cybersecurity, and IT risk management programs based on industry-accepted Information Security and risk management frameworks across. This individual will be an integral part of the Information Technology organization reporting directly to the Global Information Security Officer to help improve and communicate the maturity levels of Information Security, state of cybersecurity, and IT risk practices across the organization.
Essential Duties/Responsibilities:
60% of the time the IT Information Security Officer will:
- Coordinate the continuous development, implementation, and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local, state, federal, and in-country regulations and standards for the client’s information systems, applications, and data.
- Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
- Proactively identify risk while developing recommended mitigation/compensating remediation processes, procedures, patches, and upgrades to reduce security gaps.
- Assist IT managers and staff with customer and regulatory audits, and facilitate management response and remediation efforts when and where applicable.
- Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.
- When and where applicable, facilitate information systems security management education and training in regulatory and industry standards for all employees.
- Receive security incidents and conduct the appropriate level of investigation; prepare written findings, recommendations, and follow-up evaluation; and analyze patterns and trends.
- Participate, when and where applicable, in the client’s cybersecurity incident response process and procedures. If required, report any events or exploited vulnerabilities, including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
- Make recommendations for improving controls and practices to reduce risks related to Information Security.
- Participate in the review and analysis of security products and services and make recommendations based on the needs of the business and IT organization.
- Use security tools such as firewall rule analyzers, vulnerability and application security scanners, and other similar tools to evaluate and communicate risk to IT and business stakeholders.
35% of the time the IT Information Security Officer's duties:
- Will be mutually determined by the GISO and the ISO as needs are evaluated
5% of the time the IT Information Security Officer will:
- Perform other duties as assigned
Position Requirements:
- 5+ years of progressive experience in Information Security/cybersecurity.
- Bachelor’s degree in Computer Science, Information Systems, or other related areas.
- Certified Information Systems Security Professional (CISSP) certification required.
- Knowledge and understanding of best practices in governance, risk, and compliance standards.
- Knowledge and experience with networking concepts, protocols, and services.
- Knowledge of vulnerability scanning and firewall risk analysis tools is desirable.
- Knowledge of privileged access management platforms and privacy tools is desirable.
- Knowledge of log aggregation and alerting tools such as is desirable.
- Excellent organizational, time management, and communication skills (both oral and written).
- Strong interpersonal skills and the ability to effectively communicate with various individuals and constituencies in a diverse community.
- Proven problem solver with the ability to provide in-depth analysis of complex problems, manage risk, and provide timely and accurate decisions.
- General knowledge of Information Security regulatory requirements and standards such as ISO 27001/2, SANS Top 20, and NIST 800-53.
- Demonstrated abilities in meeting scheduled deliverables and commitments while juggling multiple projects and tasks.
Job Type: Full-time
Salary: $100,000.00 - $120,000.00 per year
Benefits:
- Dental insurance
- Health insurance
- Paid time off
Experience level:
- 6 years
Schedule:
- 10 hour shift
- 8 hour shift
- Monday to Friday
Experience:
- Cybersecurity: 1 year (Preferred)
Ability to Commute:
- Remote (Required)
Work Location: Remote