Establishes, administers, and/or advises the overall strategies and procedures for the information security function. Develops and implements information security strategies, cyber awareness programs, risk mitigation strategies, incident response planning, and disaster recovery programs in accordance with organizational information security functions. Responsible for performing functions to research, develop, document, implement, train and support the computer security infrastructure, and lead in the protection of company IT assets. Leads user education and training initiatives relative to cyber security for the organization, ensuring all knowledge workers are educated on company policy and procedures, current threats, and security protocols.
Essential Duties And Responsibilities
Develops and implements security strategy, security awareness programs, security architecture, and security incident response for the Enterprise.
Analyze information security systems and applications, make recommendations, and develop security measures to protect information against unauthorized modification or loss
Provides strategic risk guidance for IT projects, including evaluation and recommendation of technical controls
Ensure the appropriate technological security measures, risk, and audit assessment procedures are employed to protect the information assets.
Direct the implementation and administration of the computer security measures as required
Evaluates new cybersecurity threats and IT trends and develops effective security controls. Oversees development of security awareness programs.
Develops, maintains and publishes up-to-date security policies, standards and guidelines. Oversees training and dissemination of security policies and practices. Proactively identify threats, vulnerabilities and risks to computer security
Design, apply and manage access controls using knowledge of active directory, profiles, resources and class structures for securing user and role-based access to data / system resources
Working in tandem with Infrastructure and Operations leadership, develops and oversees effective disaster recovery policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
Manage and maintain PCI compliance
Provide motivation, leadership, and direction of the security group
Report to and collaborate with the CIO on all security financial and operational requirements to ensure continued company growth
May perform other duties and responsibilities as assigned
Partner with Internal Audit function to identify and document IT General Control landscape, including access controls, segregation of duties relative to system access, and other IT processes that are part of the ITGC framework
Undergraduate degree in Computer Science or related field (highly desirable)
7+ years of experience in a security engineering role with proven experience in enterprise network architecture, management, capacity planning and monitoring
5+ years of practical working experience and knowledge of IT systems / network administration, including but not limited to Microsoft Active Directory, XP, Microsoft Server 2003/2008, Citrix, and Cisco network gear
Deep familiarity with the NIST cyber security framework and its practical application within a company
Certifications such as CISSP, CISA, MCSE +security are preferred
PCI, ISO27001, and Sarbanes-Oxley Section 404 compliance experience required
Solid understanding of LAN, WAN, TCP/IP, Internet, wireless, email security, OS security policies, VPN, web server security, and firewalls in a Microsoft / Citrix environment with basic understanding of other operating systems such as Linux. Capable of providing support for system / network security as it relates to system designs, upgrades and/or replacements of Intranet/Internet related technology
Experience supporting corporate Compliance Requirements (Auditors, Risk Assessment, PCI, etc.) and actively participating in compliance activities
Possess math skills sufficient to perform required duties
Or an equivalent combination of education, training or experience
Seniority level
Director
Employment type
Full-time
Job function
Information Technology
Industries
Consumer Services