Key member of the Computer Emergency Response Team performing incident response for security and data loss incidents Establishes policies and procedures necessary to ensure the security of information system assets and to protect them from intentional or inadvertent access, disclosure, or destruction in accordance with company policies and external requirements such as HIPAA, Sarbanes-Oxley, SAS70, DIACAP, and PCI.. Ensures that user community understands and adheres to necessary procedures to maintain security. Must be able to weigh business needs against security concerns and articulate issues and options to management. Performs risk assessments for sensitive internal and external systems. Mentors junior-level staff.
1. Perform incident analysis and response in the case of computer security incidents or breaches
2. Create maintain documentation for incident response activities
3. Review data loss incidents and determine appropriate action
4. Establishes policies and procedures necessary to ensure the security of information system assets and to protect them from intentional or inadvertent access, disclosure, or destruction
5. Directs and leads project teams in the implementation of security measures to improve the security posture of the environment and to meet corporate security policies and external regulations, e.g., Sarbanes Oxley and DIACAP
6. Tunes log sources and alerting to provide timely and accurate incident response notification
7. Performs additional duties as assigned
- 8-12 years of experience with a Bachelor's degree in computer related field, or 14-18 years of experience without
- 6-10 years of experience with a Master's degree
- 5+ years experience in information systems environment, preferably in IT Security
- Certification in information security (CISSP, CISM, or equivalent) preferred
- Incident Response/Forensic Certifications a plus
- Familiarity with external regulations, e.g., DIACAP, HIPAA, Sarbanes-Oxley
- Strong understanding of information security principles
- Familiarity with domain structures, user authentication, and digital signatures
- Understanding of data - communication networks
- Experience with security tools and systems
- Excellent organizational skills and ability to communicate with internal/external entities and executives a must
- Effective leadership skills, demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities
- Customer service-oriented
- Ability to work in a flexible environment where requirements and procedures continuously evolve
- Ability to multi-task and manage time effectively
Express Scripts is an Equal Employment Opportunity employer and does not discriminate in employment opportunities or practices on the basis of race, creed, color, religion, sex, national origin, nationality, ancestry, age, disability or status as a disabled veteran or veteran of the Vietnam era, pregnancy, affectional or sexual orientation, gender identity or expression, marital status, status with regard to public assistance, veteran status, citizenship or membership in any other legally protected class.
None of the questions in this application are intended to elicit information regarding any protected characteristics, nor imply any limitation, illegal preferences or discrimination based upon non-job-related information or protected characteristics.
Applicants must be able to pass a drug test and background investigation and, depending on position requirements, a Department of Defense background investigation. AA/EOE.
Express Scripts - 16 months ago
Express Scripts is a Fortune 25 company and is the largest pharmacy benefit manager in the U.S.