Assistant Information Security Officer

About The Position

Requirements

• Four years working in a senior-level information security position with experience in security analysis, incident response, and security configurations within an enterprise information technology environment.
• Or a bachelor’s degree in computer science or a related field and two years of working in a senior-level information security position.
• At least one relevant certification such as CISSP, CISM, CISA or CCSP is required or must be obtained within two years of hire date.
• Advanced level of knowledge of information security strategies and technologies used for the protection of information.
• Understanding operating system fundamentals and security aspects of operating systems.
• Understanding of identity and access management systems.
• Experience with security event management systems.
• Understanding of TCP/IP, networking fundamentals, and network security.
• Knowledge of endpoint protection applications such as antivirus, anti-spyware, and file integrity monitoring technologies.
• Experience managing firewalls and intrusion prevention systems (IPS).
• Understanding security incident analysis and response.
• Ability to research complex technical issues and solve problems.
• Ability to provide expert analysis and recommendations to prevent successful threats.
• Ability to communicate complex technical language to users in an understandable manner.
• Commitment to the team concept and ability to work effectively within a team.
• High standards and a sense of urgency.

Responsibilities

• Executing information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of KPERS information and systems.
• Monitoring and analyzing security events and alerts across networks, endpoints, and cloud infrastructure.
• Investigate, respond to, and resolve security incidents, ensuring timely detection, containment, and mitigation. Document and report security events and incidents.
• Stay informed with information security compliance requirements. Inform the CISO of new or updated requirements.
• Conduct security audits, vulnerability scans, and penetration tests to identify and address security weaknesses. Provide supporting evidence and explanation to auditors evaluating information security.
• Participate in security awareness initiatives to foster a security-first culture. Develop and implement information security awareness training sessions for employees.
• Evaluate and recommend innovative security technologies to address evolving threats.
• Work collaboratively with technical and non-technical teams, effectively communicating security risks and solutions.
• Document and update security policies & procedures, networks, systems, application diagrams, flow charts, data centers, risk register, risk assessments, and disaster recovery plans.
• Analyze projects, hardware, software and procedures for information security risks. Identify the possible impacts and mitigation strategies. Present findings and recommendations in a professional manor.
• Assessing vendor and third-party security practices and evaluation to see if they meet the information security requirements.
• Planning, developing, documenting, implementing, testing Disaster Recovery and Business Continuity strategies.
• Provide technical support for staff and other business partners.