Position Purpose and Objectives
The IT Information Security Officer is responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
Major Duties and Essential Functions
- Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures.
- Provide overall security program strategic direction to improve the information security posture and assurance level of the organization.
- Plan, design and audit policies and procedures which safeguard the integrity of and access to systems and electronic information in order to guard information against accidental or unauthorized modification, destruction or disclosure.
- Identifies vulnerabilities to the network, applications, and data systems.
- Develop and manage the frameworks, processes, tools and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
- Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports presenting the level of controls compliance and current IT risk posture.
- Assist CTO with the audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership and relationships.
- Receives allegations of security incidents and conducts complex investigations; prepares written findings, recommendations and follow up evaluation; and analyzes patterns and trends.
- Coordinates CUTX information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
- Continuously stays up to date with developments in IT security standards and threats.
- Performs related duties as required or deemed appropriate to accomplish assigned responsibilities and functions of the position.
Positions directly supervised: N/A
Specific knowledge, skills, and abilities required for this position:
- Experience in risk, compliance and information security policy development.
- Demonstrated experience in, or working knowledge of, several information security and compliance related disciplines to include: Information Security, Business Continuity, disaster recovery planning and testing, risk analysis, and auditing.
- Experience with development of educational programs in the area of security awareness.
- Knowledge and experience with networking concepts, protocols, and services.
- Knowledge and experience in setup, maintenance, and security of Windows and Linux operating systems.
- Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
- Strong written and oral communication skills.
- Strong analytical skills and attention to detail.
- Ability to understand technical manuals, software specifications and general methods of network operations and security, and to clearly relate them to other members of the organization.
- Routine contact is required with IT managers and subject matter experts; periodic contact is required with users.
- Ability to define problems, collect data, establish facts, and draw valid conclusions.
- Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
- Ability to effectively present technical information and respond to questions from groups of executives, managers, end users and non-technical personnel.
- Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.
- Ability to solve complex problems and deal with a variety of concrete and abstract variables in situations where only limited standardization exists.
- Ability to effectively present information to top management and IT personnel.
Education: Bachelor’s degree or 10 years equivalent experience. Certified Information Systems Security Professional (CISSP) or other information systems security certifications.
Experience: 5+ years' experience operating as a security resource in an enterprise environment. Experience with Palo Alto firewalls, Salesforce, Mulesoft, Cloud Security best practices, Proofpoint, Office 365 security.
Physical Activities and Requirements of this Position
Using primarily just the fingers to make small movements such as typing, picking up small objects, or pinching fingers together.
Using fingers and palm on an object.
Especially where one must frequently convey detailed or important instructions or ideas accurately, loudly, or quickly.
Movements frequently and regularly required using the wrists, hands, and/or fingers.
Able to hear average or normal conversations and receive ordinary information.
Average Visual Abilities
Average, ordinary, visual acuity necessary to prepare or inspect documents or products or operate machinery.
While performing the duties of this job, the employee will frequently talk or hear, sit, use hands to handle or feel, and reach with hands or arms. The employee will occasionally stand and walk, climb or balance, and stoop, kneel, crouch, or crawl. The employee will occasionally lift and move up to 10 pounds.
Working Conditions of this Position
None. No hazardous or significantly unpleasant conditions.
Mental Activities and Requirements of this Position
Reasoning Ability: The ability to use common sense or logic.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
Mathematical Ability: The level of ability required to perform math skills and operations.
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.
Language Ability: The level of ability required to communicate and understand written and oral language.
Ability to use passive vocabulary of 7,000-9,000 words; read at a fast-paced rate; and define unfamiliar words in dictionaries for meaning, spelling, and pronunciation. Ability to write moderate to complex documents. Ability to communicate in complex sentences, using normal word order with present and past tenses and strong vocabulary. Ability to read, analyze, and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.