ResponsibilitiesReporting into the Chief Information Officer (CIO) Team with a mindset and focus on Development Security Operations, imbedding security throughout the Systems Development Life Cycle (SDLC), providing advice on regulations as they apply to security in application development, expert in application security principles, risks, attacks, and resources such as Open Web Application Security Project (OWASP)Lead CIO team member responsible for tools related to dynamic scans, static source code reviews, and application penetration testing e.g.
BlackDuck, WhiteHat, Veracode, Nexpose, MetasploitAdvisor on application development architectures, platforms, methodologies, and supporting operationsAdvisor on web proxies, web application firewalls, and vulnerability assessment toolsProvide consultation services to business units, Project Management Office (PMO), and developers during the early phases to ensure secure application designPerform ongoing consultative analytical tasks in partnership with Information Technology (IT) to ensure the upmost security in in-house developed applications, mobile applications, and third-party applicationsPlan, test, and deploy security controls to augment Quality Assurance (QA) and Change Management functionsContribute to the incident response analysis including updates to related documentation i.e.
policies, standards, guidelines, procedures, and escalation processesParticipate in developing data protection controls in generalPerform additional duties and projects as assigned by managementQualificationsBachelor’s degree in Information Security or equivalent years of experience requiredMinimum three (3) years Risk Management experience required in an Information Technology environment or related discipline (Information Security, Business Continuity Management or Compliance)Certified Information Systems Security Professional (CISSP) certification preferred; SANS and other Information Security related certification a plusNetwork and Endpoint security experience required; IDS, IPS, ATP, Malware defenses and monitoring experienceDemonstrated experience with firewall and system configuration and event log monitoring requiredKnowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworksExcellent troubleshooting and analytical thinking skillsSuperb communication, interpersonal skills and collaborative skills a mustSelf-directed, self-starter, and motivated with the ability to work with minimal supervisionAvailable to work evenings and weekends as needed