Maintain and supports Company’s information security policies, procedures and practices to meet current and future business and regulatory needs. Ensures internal and external customer engagement with regard to information security delivery, training, and compliance. Work closely within IT Infrastructure team on the design and management of network, web, and database security solutions and insure they meet company and regulatory requirements. Lead the formulation of information security standards and policies for the organization.
- Manages the enterprise-wide definition, establishment and maintenance of information security architecture, infrastructure, applications and processes. Oversees and champions an organizational security awareness- training program.
- Develops and administers system and information ownership; information and data classification guidelines; standards and procedures.
- Develops, establishes and maintains standards, procedures and guidelines to promote the security and uninterrupted operation of computer-based application systems.
- Identifies and addresses exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause regulatory compliance issues or serious financial and/or information loss.
- Works with the application development team to ensure security, integrity, and availability of source code.
- Responsible for defining security frameworks for existing and new systems.
- Coordinates active penetration tests; discovers vulnerabilities in information systems and identifies and implements solutions to resolve them.
- Directs the selection, acquisition and maintenance of standard, current cost-effective and appropriate operations technology products to support the Infrastructure and Security services of the organization.
- Ensures redundancy is designed into network, database and server environments
- Approves and oversees the implementation of network and server changes and upgrades, including the configuring and installation of hardware and software components.
- Researches and documents emerging technologies and their impact on current systems.
- Provides recommendations for network, hardware and system software planning and budgeting.
- Implements office procedures and protocols in accordance with organizational policies. Determines project priorities and delegates as needed.
- Provides leadership by clearly communicating expectations for projects, builds methods to help team members report progress and evaluates results to determine if goals were achieved.
- Bachelor’s Degree in Information Technology, related field, or equivalent experience
- 10 years relevant IT experience required, 15 years Preferred
- 7 years relevant security experience required
- Ability to coordinate multiple teams with multiple and sometime conflicting priorities
- One of the following required - CISSP, CISM, SSCP, CSSLP, CCFP, HCISPP
- CCNP or CCNA a plus
- Superior technical abilities and knowledge strong understanding of the life cycle of application development
- Thorough understanding of Microsoft products and platforms (IIS, MS SQL Server, .NET Framework, SourceSafe, etc)
- Knowledge of Local and Wide Area Computer Networking
- Internet, Intranet and Web technology expertise