Program Manager Security & Compliance will be responsible for the IT Information Security & Compliance programs and internal controls related to regulatory requirements. This position will work closely with other IT and business partners to ensure and facilitate continuous compliance with enterprise information security policies, standards, and procedures. This position will ensure the confidentiality, integrity, and availability of information assets. Program Manager Security & Compliance will provide technical leadership in support of architecting, implementing, maintaining, monitoring and troubleshooting a broad range of security & network infrastructure and will serve as the technical information security & network subject matter expert to assist teams in the development and implementation of secure business solutions. This position will provide technical direction and support to others who require security & network expertise.
Essential Functions and Key Responsibilities:
Security & Compliance Management / Strategic Duties:
- Establish a strategic security & network architecture vision, including standards and frameworks that are aligned with overall business strategy.
- Serve as information security & network subject matter expert; provide advisory and consulting services as needed to the organization.
- Understand current as well as emerging security threats and design security architecture to mitigate threats where possible.
- Development of processes and procedures to improve incident response times, analysis of incidents, and overall S&C functions.
- Review threat and security events which may affect the organization, and develop safeguards to protect the organization from those events. Report out to management.
- Stay abreast of new security technologies and integrate into security architecture design when appropriate.
- Achieve security compliance on requirements, including: Payment Card Industry standards, global and financial/personal data privacy requirements, R&D trade secrets compliance, as well as state and federal regulations.
- Complete self-risk assessments with recommendations for remediation and socialize with management.
- Partner with Internal Audit team to complete annual and other audits
- Lead the Incident Response Team for both proactive/training sessions as well as actual events.
- Partner with IT Management to develop a cross functional IT Security Steering committee.
- Develop and maintain an ongoing security awareness program for both corporate and store locations.
- Management of IT security vendors.
Security & Compliance Tactical Responsibilities:
- Responsible for monitoring, analyzing, and interpreting security/system logs for events, operational irregularities, and potential incidents and escalating issues as appropriate.
- Responsible for overseeing administration and operational support of all security monitoring and management systems both internal and through outsourced services.
- Responsible for monitoring all network traffic and performing network intrusion detection/ prevention monitoring
- Responsible for secure network device management/configuration; periodic review of firewall rules and access control lists
- Recommends appropriate measures to remediate vulnerabilities such as patching; implementing controls to mitigate risk; and ensuring secure configuration of systems.
- Performs periodic port scanning to search for remotely accessible network ports and services that are vulnerable to exploitation and identifying any new unauthorized listening network ports.
- Ensuring and implementing secure configuration, security hardening, and policy compliance of all assets
- Administration of wireless administration appliances/applications to identify unauthorized wireless devices or configurations when they are within range of the organization's systems or connected to its networks.
- Responsible for secure configuration of authorized hardened wireless clients, wireless access points, IPS sensors, and handheld devices.
- Ownership of organization-wide compliance training.
Knowledge and Skills Requirements:
- Excellent written, oral, and interpersonal communication skills
- Strong technical knowledge of networking principles and network traffic analysis (hardware, protocols, and standards, firewall, LAN/WAN technologies; wireless technologies)
- Strong technical knowledge of operating systems (Windows, Linux, Unix); databases (Oracle, SQL server, SQL queries)
- Experience with performing proactive vulnerability scans
- Required: Security Log Management and Monitoring
Education, Work Experience, and Professional Certifications:
- Bachelors Degree (preferably in Computer Science) and 7-10 years of experience; or 12+ years of relevant work experience
- Minimum 5 years related work experience in IT Security
- Minimum 5 years work experience managing Enterprise Networks
- Minimum 3 years of experience managing/overseeing IT Security program
- Minimum 3 years related work experience in Regulatory Compliance or IT Auditing
- CISSP or CISA certification preferred.
- Experience with PCI
Work Environment / Physical Requirements:
- Normal office conditions
- Ability to work extended hours as needed
- Office environment, consistent computer usage
- Light physical effort equal to frequent lifting or moving of lightweight materials
by via developer jobs - Stack Overflow
No comments:
Post a Comment