Information Security Engineer, Senior
Job Summary:
The Sr. Information Security Engineer will be responsible for implementation and administration of information security policies, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, facilities and data.
As an information security expert within the organization, this role will help to ensure compliance with all security policies and standards, as well as with industry regulations and laws. This role will also be responsible for day-to-day security operations such as monitoring, analyzing, improving and troubleshooting security systems as well as performing risk assessments on security systems, evaluation of security controls, development and monitoring of policies and standards, analyzing results and providing recommendations for enhancement/improvement.
Job Expectations:
Required:
Research, recommend, and implement changes to procedures and systems to enhance data systems security and develop appropriate security controls to address vulnerabilities found during assessments.
Assist and advise users in communicating appropriate security best practices and recognizing potential threats and risks to the organization, including intrusion detection and threat mitigation.
Monitor reports; conduct analysis on internet access, connectivity and threats (virus protection, spam, etc.).
Complete firewall configuration and management; monitor, make recommendations, review vendor’s solutions and provide best practices for firewall utilization.
Conduct technical information security assessments for networks, systems, applications and databases.
Complete internal and external auditing for regulatory and compliance purposes and work with other business units in the organization.
Participate in audit response management and provide ongoing guidance on solutions to achieve and maintain security compliance.
Participate in Compliance programs (such as PCI) by documenting controls and examining evidence for compliance with standards.
Coordinate and conduct Risk Assessments in accordance with Client Policies and Standards, including Risk Rating calculation and working with the business on remediating the risks.
The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.
Knowledge, Skills and Abilities:
Required:
Fully understand the PCI standard and be familiar with other security standards.
Must possess a solid understanding of intrusion detection systems, firewalls, vulnerability scanners, encryption technologies and antivirus software.
Knowledge of identity management processes and procedures.
Skill in project management.
Contribute to the incident response program management including development and testing.
Provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high profile projects.
Demonstrates an in-depth understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance.
Broad understanding of security fundamentals and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc.
Knowledge of LANs, WANs, Microsoft Active Directory, Microsoft Windows server and desktop operating systems, DD, SQL Server
Web services: Microsoft
Preferred:
Knowledge of PCI DSS
Be a self-starter able to manage and prioritize own workload, and be a team player in a fast-moving environment.
Demonstrates up-to-date expertise in e-commerce and applies this to the development, execution, and improvement of action plans.
Excellent verbal and written communications skills.
Experience Requirements:
Generally Requires:
5-7 years’ experience in IT/Information Security audit and assessment.
Education Requirements:
- Bachelor’s Degree required and/or years of experience. An emphasis in Information Systems is preferred.