The Lead Information Security Specialist is responsible for maintaining an enterprise information and systems security stance through policy, architecture and training processes. The role involves monitoring, evaluating, and maintaining systems, procedures and policies to protect the data systems and databases from unauthorized users; leading Information Security projects and critical initiatives; leading collaboration with IT architects and engineers to design and implement security controls; identifying potential threats and vulnerabilities related to information systems; determining causes of security violations and recommending corrective actions to ensure data security; assisting in communicating security procedures to users; supporting compliance audit and vendor management initiatives; promoting Information Security education and awareness; providing leadership and working as part of a team; and working with on-premises and cloud-based technology.
Essential Functions
• Project management
• Track and report Information Security key performance indicators (KPIs)
• Design, implement, and monitor security measures for the protection of computer systems, networks, and information
• Identify and define computer system security requirements
• Collaborate with IT architects and engineers to design and implement security controls
• Prepare and document standard operating procedures and protocols
• Develop technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Configure and troubleshoot security infrastructure devices
• Write comprehensive reports related to the enhancement of computer systems, networks, and Information Security
• Act as lead security technical adviser or analyst for initiatives to evaluate new technologies for program conformance
• Test solutions effectively, utilizing industry standard analysis criteria and delivering technical reports and formal papers on test findings
• Conduct periodic infrastructure scans, penetration tests, simulations to expose weaknesses, etc., and analyze and report the resulting findings with recommendations to minimize risks
• Manage technical Information Security projects and initiatives
• Aid in the assessment and control of 3rd and 4th party vendor risk
Additional Essential Functions
• Ensure compliance with Northwest’s policies and procedures, and Federal/State regulations
• Navigate Microsoft Office Software, computer applications, and software specific to the department in order to maximize technology tools and gain efficiency
• Work as part of a team
• Work with on-site equipment
Additional Responsibilities
• Perform other duties as assigned
Safety and Health for those without supervisory duties
• Abide by the rules of the safety and loss prevention program
• Perform work tasks in a safe manner
• Report any and all injuries to supervisor
• Know what to do in case of an emergency
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
Bachelor's Degree in related field, or
five (5) or more years of experience or an equivalent combination of education and related work experience
Work Experience
6 - 8 years Demonstrated work experience as a system, network, or Information Security engineer
6 - 8 years Hands-on designing, implementing, or administering technical security controls including firewalls, IDS/IPS systems, anti-malware, authentication systems, SIEM log management, content filtering, behavioral analytics, network monitoring, public key infrastructure
6 - 8 years Building and maintaining Information Security systems and frameworks
6 - 8 years Designing database, network, telephony, and operating system security architecture
6 - 8 years Understanding of the latest security principles, techniques, and protocols
6 - 8 years Understanding of cloud and web-related technologies (web applications, web services, service-oriented architectures) and of network/web-related protocols
6 - 8 years Configuring authentication mechanisms, system logging, group policy objects
6 - 8 years Supporting IT audit functions
6 - 8 years Performing digital forensics and related investigations
6 - 8 years Technical project management
General Employee Knowledge, Skills, and Abilities
• Ability to establish effective working relationships among team members and participate in solving problems and making decisions
• Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written
• Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information
• Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information
• Ability to make the right decisions based on perceptive and analytical processes, practicing good judgment in gray areas
Additional Knowledge, Skills and Abilities
Knowledge within various layers of the OSI Reference Model
Knowledge of TCP/IP communications ports and protocols
Problem solving skills and ability to work under pressure
Organization and documentation skills
Licenses and Certifications
CISSP ISC2 - Certified Information Systems Security Professional (CISSP) - Within 1 year
Certification from an industry-recognized professional organization - Upon Hire