10318 - SENIOR CONSULTANT, IT SECURITY
The Senior IT Security Consultant is a strategic role that reports directly to the Executive Principal, Infra Operations for Hyundai AutoEver America.
- Being the focal point for Major Security Incident coordination, Customer/White Hat Hacker Allegations, Global Security Events, and Security Architecture.
- Being the process owner for developing and implementing a corporate-wide information security program and ongoing activities to preserve the availability, integrity, and confidentiality of Company information resources in compliance with the organization's policies and standards.
- Defining and maintaining infrastructure architecture principles, policies and standards as well as documents and develops in-depth knowledge of the company's existing IT architecture/infrastructure, technology, and security portfolio.
- Acting as an advocate to ensure that the infrastructure and security align with the overall enterprise architecture principles, policies, and standards and serves as the infrastructure architect in the analysis, design, and planning phases of IT projects.
- Developing and implementing methods to measure and report infrastructure performance, reliability, and availability related to Key Performance Indices.
- Consulting and partnering with the Security GRC team, other technical services groups and CBU (Client Business Unit) functional groups and global security counterparts, to enforce and verify compliance of security standards throughout the environment and advise on advancements in information security technologies.
- Lead security incident response across HAEA teams and on behalf of HAEA to our Client Business Units.
- Ensure that the Incident Response Plan is periodically tested, shared with key stakeholders and kept current.
- Evaluate systems, assess risk, and assist with designing, developing, engineering, and implementing solutions for information security requirements.
- Facilitate the initiation of key strategic infrastructure initiatives, performs information security assessments, serve as an internal consultant for security issues, and recommend modifications as appropriate
- Review all application and system development plans throughout the organization from the information security perspective and provides necessary recommendations or corrections.
- Document and develop existing infrastructure architecture and technology portfolio##Prepare and manage the various forms of security reports/status.
- Create and present project decks, executive summaries, and other related documents and communications to executive management and business customers.
- Identify process improvement, prepare policy and procedure documentation
- Perform post-construction review and validation of built solution to ensure it meets architectural standards.
- Initiate, facilitate, and promote activities to foster information security awareness and training within the organization.
- Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and referring problems to appropriate managements of both HAEA and its clients.
- Monitor changes in federal and state regulations and accreditation standards affecting information security and recommendations on the need for policy changes.
- Assist in the preparation and management of the security budget.
- Maintain expertise in the area of architecture, security, industry trends, strategies, and products to ensure effective and efficient use of assets.
- Maintain proficiency through attending conferences and training as required.
- Perform other duties as assigned by management.
REQUIRED SKILLS, ATTRIBUTES & EDUCATION
- Bachelor's Degree or equivalent (with major course work in computer science or a related field).
- Minimum of ten (10) years of progressive experience in computing and security.
- Experience with consulting to executive management on security-related matters.
- Experience with defining, implementing, and monitoring a managed security service partner.
- Skilled in establishing and promoting Information Security strategy & policy for a multi-faceted organization supported by multi-platform environments.
- Skilled in conducting security assessments and incident response within a dynamic IT environment.
- Knowledgeable in preventive, detective, and corrective controls (Principles and techniques used in system compromise and denial of-service incidents, as well as basic tools for detecting and preventing such incidents).
- Keeps up to date on computer security issues, requirements, trends, laws and accepted industry practices.
- Deep knowledge of hardware, software and network architectures and how security policy can best be implemented.
- Ability to work independently and manage time effectively utilizing work and project plans to meet deadlines.
- Proven project planning and management experience.
- Ability to verbally communicate technology-related issues and security-related issues to various levels of the organization (end-users, IT staff, managers, vendors, contractors, etc.).
- Technical knowledge of backup solutions, Windows Server, Networking (Cisco), VOIP, Citrix, IIS, Exchange, Active Directory, SQL Server, Oracle Database, Virtualization and Disaster Recovery a plus.
- CISM (Certified Information Security Manager) is preferred.
- CISSP (Certified Information Systems Security Professional) is preferred.
- CRISC (Certified Risk and Information Systems Controls) is preferred.