Directs a team responsible for information systems security to ensure the protection of information processed, stored and transmitted. Determines user requirements, plans projects, establishes priorities and monitors progress. Develops IS security architecture/designs, plans, controls, processes, standards, policies, and procedures to ensure alignment with IS standards and overall IS security strategy. Manages the evaluation and testing of hardware, firmware and software for possible impact on systems security. Coordinates with other managers to integrate IS project components with other projects including application development, network, server, and mainframe. Evaluates/assesses the security of external vendors.
Requires bachelor’s degree in a related field and twelve years experience of which six years experience must be in a supervisory/managerial capacity. Certified Information Systems Security Professional (CISSP), Microsoft Certified Systems Engineer (MCSE) or other industry certification preferred. Must be able to prioritize assignments while working on multiple projects. Must have excellent writing and oral communication skills.
Types of systems in use:
Snort Network Intrusion Detection System (with RedHat Linux OS)
IBM Tivoli Security Operations Manager (plan to migrate to ArcSight in 2013) -- used for Security Information Event Management
HP TippingPoint Intrusion Prevention System (IPS)
Aruba Wireless Intrusion Detection System
Cisco Security Agent and Bit9 for workstation, laptop, ATM, and server anti-malware -- migrating off Cisco to Bit9 by EOY 2013
Syslog server with RedHat Linux OS
UNIX security for Solaris, AIX, and RedHat; (LDAP used for security)