Division: Information Technology Division
Department: IT Security Department
Duties & Responsibilities:
• Design, build and implement enterprise-class security systems for a production environment
• Align standards, frameworks and security with overall business and technology strategy
• Identify and communicate current and emerging security threats
• Design security architecture elements to mitigate threats as they emerge
• Create solutions that balance business requirements with information and cyber security requirements
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
• Train users in implementation or conversion of systems
Experience & Technical Skills Required:
• Minimum 10 years experience in related field
• Education requirements can vary, but most require a BA or BS in information security, engineering, mathematics, or related area.
• Security architecture, demonstrating solutions delivery, principles and emerging technologies – Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
• Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.
• Privilege Access Management and Identity and access management (IAM) – the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
• Security project management –using agile manifesto
General Skills Required:
• Exceptional communication skills with diverse audiences – Strong critical thinking and analytical skills
• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments
• Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
• The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Information Systems Security Architecture Professional (ISSAP)
• Information Systems Security Engineering Professional (ISSEP)
• SANS-related certifications