IT Security Administrator III

About The Position

Requirements

• Associate degree in Computer Science or Information Systems
• 5 years IT/Information Security experience, preferably in a financial service or similar industry
• CISSP and/or CISA certification required
• Audit and Compliance experience (PCI, ISO)
• Solid knowledge and understanding of IT Security Standards (ISO 27001) and IT Process Standards (ITIL, COBIT)
• Strong computer skills (MS Office, Visio, TCP/IP, Nmap)
• Solid understanding of the key technical and organizational concepts of Information Security-related Systems (firewalls, intrusion detection, virtualization technologies, encryption, VPN, etc.).
• Ability to develop and defend technical recommendations and budgetary plans and communicate them in non-technical “business language”
• Ability to communicate information security issues clearly and appropriately to audiences with diverse technical backgrounds, without creating unnecessary urgency

Responsibilities

• Administer and preserve G+D Security Certifications through the administration and ongoing enhancement of the Information Security Management System with a primary focus on ISO 27001, Cryptographic Key Management and PCI Logical Security requirements.  Ensure Information Security controls are relevant, properly documented and maintained for ongoing recertification and governance activities.  Part of the role is to maintain a system that fosters appropriate, demonstrable, auditable and coordinated security procedures, and practices that are compliant with related laws, regulations, policies and professional standards.
• Provide daily supervision of IT Security staff and tasks.
• Responsible for effective and comprehensive administration of the cryptographic key management program, which includes the generation, exchange, storage, use, replacement and documentation of cryptographic keys.  Possess a full understanding of key management servers, symmetric and asymmetric keys, and public key infrastructure (PKI).
• Ensure compliance with all applicable internal and external Information Security requirements through coordination of internal and external Logical Security audits.
• Maintains a system that fosters appropriate information security training and awareness.  Responsible for developing and maintaining a system that encourages the routine use of risk assessments and risk management planning related to the information security features of systems, tools and networks.
• Responsible for assessing, reporting and assisting in the remediation of IT security vulnerabilities for IT systems and applications that are part of G+D operations.
• Responsible for designing, documenting, training and testing of the corporate IT Security Incident Response Plan.
• Responsible for maintaining status information regarding the configuration files for information security appliances, software and equipment (monthly firewall rule target/configuration comparison etc.)
• Independently contribute ideas and process improvements and look for creative solutions and better ways of doing things, in order to meet goals of continuous improvement
• Identify, analyze, and address problems in order to resolve issues whenever possible in a way that minimizes the negative impact on the organization
• Work with the ISF (information security forum) materials and tools including participation in local ISF chapter meetings
• Analyze issues not only from a local point of view but should also consider the global scope of G+D operations
• Performs other duties as assigned
• Complies with all policies and standards

Benefits

• medical (PPO and HDHP with HSA)
• dental
• vision
• paid time off
• paid holidays
• 401K w/ employer match
• short/long term disability
• life insurance
• healthcare and dependent care flexible spending
• EAP
• commuter benefits
• education assistance
• pet insurance
• legal