Responsible for performing security risk assessments against information systems, safeguarding information, evaluating existing data security procedures, and identifying new areas of risk. Staff are involved in patch management, the anti-virus program, vulnerability detection, threat analysis and response, network intrusion and response, security incident response and escalation, and crisis management. Provides resolutions to an extensive range of complicated problems. Solutions are innovative, thorough, and practicable. Works under limited direction and independently determines and develops the approach to solutions. Work is evaluated upon completion for adequacy in satisfying objectives. Represents the Security Risk Assessment team as the principal customer contact and often performs a project leadership role. Interacts with senior customer personnel on significant technical matters, frequently requiring coordination across organizational lines. College degree or equivalent experience; advanced studies/degree preferred. Typically has 5 - 7 years of related experience.
- Responsible for performing specific IT control processes, following well-documented procedures, to enforce information security Standards and Policies against non-human system accounts.
- Perform analysis of the information provided by vendors and the business area to identify security issues, risks, threats, and vulnerabilities in accordance with the ISO 27002:2005 and COBIT standards.
- Perform vulnerability assessments of web applications and databases to identify software level vulnerabilities.
- Assist project teams to determine the business impact of security issues, and recommend risk mitigation strategies.
- Build, develop, and maintain relationships with internal and external customers and vendors to formulate solutions to system issues related to information security.
- Evaluate existing processes and procedures, identifying areas for improvement in accuracy and optimization.
- Own the execution of processes and provide cross training to identified team members ensuring no single points of failure.
- Serve as Subject Matter Expert for multiple technologies and processes within Information Security.
- Escalate issues to management in a timely fashion.
- Provide resolutions to an extensive range of complicated problems. Solutions must be innovative, thorough, and practicable.
- Sound technical knowledge covering multiple areas, such as IT security, change management, operations, software development, databases, mainframes, networks and operating systems.
- Outstanding people, organizational as well as written and oral communication skills.
- Strong analytical skills.
- Ability to write detailed reports for both technical and non-technical audiences.
- Ability to relate highly technical concepts to management both orally and in written form.
- Must work well in a team-oriented environment as well as independently.
- Work under limited direction. Independently determine and develop approaches to solutions. Work is evaluated upon completion for adequacy in satisfying objectives.
- Interact with senior customer personnel on significant technical matters, frequently requiring coordination across organizational lines.
- Build relationships with Information Technology business partners to assist in facilitation of key control processes.
- Act as a leader/mentor in a team of InfoSec professionals that vary in skill level.
- Knowledge of Sarbanes-Oxley and COBIT.
- Typically has 5-7 years of related experience in a large company, preferably within the financial services industry.
- Advanced degree and professional certifications such as CISSP, CISM, PMP or CISA are preferred.
- Knowledge of industry standards such as ISO and ITIL is an asset.
Stratum Security is an information security consulting company located in the Washington DC Metro area. Founded in 2005, we provide services...