Essential Duties and Responsibilities:
Works with Chief Information Security Officer and other IT and cybersecurity team members to identify, understand, document, and advise on security requirements, impacts, and risks.
Manage the Information Security Management System (ISMS) in accordance with industry standards such as ISO 27001.
Utilizes knowledge of SiEM solutions like Splunk, Rapid7 I sight IDR etc.
Develop and implement information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of information systems and data.
Conduct risk assessments and vulnerability scans to identify and mitigate security risks.
Ensures vulnerability test and security review results are communicated, assigned, and tracked appropriately.
Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs.
Ensures compliance with relevant regulations and standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
Manage the security of the organization’s networks, systems, and applications.
Develop and implement security awareness initiatives and training programs for employees.
Conduct periodic desktop exercises and drills for employees.
Monitors threat awareness information to identify vulnerabilities.
Respond to security incidents and conduct investigations, as necessary.
Assists IT staff to secure hardware, peripherals and other equipment. Ensures quality controls of new computer images periodically to verify all security standards are being met and applied.
Bachelor’s degree in Computer Science, Information Technology or related field required
Minimum 5 years in information security related experience in a professional services environment
Strong knowledge of application and infrastructure security solutions (Firewalls, Intrusion Detection/Prevention Systems, Network Security, Password Management, Data Encryption and Access Control), project management
Experience managing an Information Security Management System (ISMS) in accordance with ISO 27001
Advanced knowledge of Linux, Mac, and Windows servers
Demonstrated knowledge conducting risk assessments and vulnerability scans
Familiarity with relevant regulations and standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
Familiarity with securing cloud-based applications including but not limited to Azure, AWS, O365, NetDocuments, etc.
Relevant industry certifications, such as CISSP, CISM, or CISA, are a plus
Ability to script in Bash, Python or Perl preferred
Experience and familiarity with the ITIL framework and processes preferred