- Provides recommendations for new or modified policies, standards, and/or guidance documents based on changing technologies & security climate.
- Stays abreast of existing and proposed security standard setting groups, and State and Federal legislation and regulations regarding security and governmental regulatory compliance related areas.
- Recognizes and identifies potential areas where existing data security policies and procedures and/or guidance for compliance with governmental laws and regulations require change, or where new policy or guidance needs to be developed, especially regarding future business expansion.
- Facilitates use of technology-based tools or methodologies to review, design and/or implement IT security products and services.
- Designs and supports enterprise IT security solutions that may be comprised of hardware and software components.
- Oversees security awareness programs and provides education on security policies and practices and/or provides training on guidance for compliance with governmental laws and regulations.
- Develops content for security programs and global awareness communications.
- Identifies security risks and exposures by participating in security reviews, evaluations and risk assessments.
- Perform risk assessment of third-party service provider arrangements.
- Evaluate website vulnerabilities utilizing automated privacy or security scan tools and external vendor scanning services.
- Serve as project manager / lead within IT security for small to medium-sized projects.
- Prepare reports of key metrics for application security, information security, and/or compliance with governmental laws and regulations for presentation to management of all levels.
- Design, develop, and recommend integrated identity and access management solutions.
- Provide technical systems integration services for the support of integrated identity management solution.
- Interface with HR, compliance and privacy office teams to ensure consistent user identity management processes across the enterprise.
- Designs, implements and maintains processes and procedures to ensure the security of data.
- Conducts security assessments of systems and applications using penetration tests and risk assessment / mediation methodologies to evaluate vulnerabilities.
- Develops techniques and procedures for conducting IS security risk assessments.
- Monitors and maintains security databases for enterprise identity management / user provisioning.
Qualifications:
- Bachelor's degree in Computer Science, Information Systems or related field, or equivalent work experience
- Minimum 4-6 years of combined IT and security, audit, compliance-related work experience
- Strong analytical ability
- Ability to negotiate and influence results without direct authority
- Security, audit, or compliance certifications such as CISA, GSE, SANS, SOX or CISSP desired