Develops and implements standards and procedures meant to protect organizational data assets from unauthorized access, disclosure, modification, or destruction.
Job Responsibilities
Assesses and evaluates systems to identify weaknesses and assess risk; performs vulnerability testing.
Implements new or upgraded security measures or controls, and documents system or process changes.
Reviews security violation reports or logs, investigates possible security exceptions and coordinates with internal teams or external agencies as needed, including managed service providers.
Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. May advise on security controls for projects.
May advise on penetration testing and vulnerability assessments of applications, operating systems and/or networks. May conduct complex cleanup of legacy environments
Researches and evaluates cybersecurity threats and performs root cause analysis.
Assists in the creation and implementation of security solutions, which may include conducting vendor assessments to ensure vendor is complying with security contract language and WBA security requirements.
May conduct contract reviews for appropriate security language prior to a project/WBA signing
May conduct remediation management or governance and/or escalations on vendors or operations issues requiring a solution
May perform as “Level 3” support in the event Managed Service provider is unable to resolve an issue.
May review projects to ensure alignment with Security Requirements and/or represent info security on projects, when necessary. May conduct oversight of a particular area of Managed Service, when necessary
Provides information to management as required, including Producing and delivering various dashboard, metrics and other reports, as required.
Basic Qualifications
Bachelor’s Degree and at least 1 year of experience in IT security OR High School/ GED and at least 4 years of experience in IT security.
Experience working in Security Engineering, Threat Response, Security Operations, IT Operations, IT Compliance and/or IT Governance
Willing to travel up to 10% of the time for business purposes (within state and out of state).