The Information Security Officer will support day-to-day security operations, event/incident investigation, security control assessment, data analysis and reporting, and other infosec-related activities. The analyst will work with the Project team as well as Helpdesk Support team to communicate risks and vulnerabilities, recommended changes which will remediate issues and/or improve security, and create documentation or reports regarding infosec activity and incidents.
Essential Duties and Responsibilities
- Create policies to ensure our customers’ infrastructure and information assets are protected with BCS365 security offerings: including Sophos Anti-virus and Malware Protection, Sophos Intercept-X, Encryption, Netwrix and Saint Penetration.
- Audit analyze, plan, execute, and manage multi-faceted projects related to the BCS365 security offerings for our customers including onboarding.
- Review customers IT Systems platforms to determine the current role of the system and seek out vulnerabilities
- Develop and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to our customers and lead all change efforts with the review of the customer Change Advisory Board (CAB).
- Communicate and educate IT and the Helpdesk departments about new or updated security policies and industry standards and provide solutions for security issues.
- Responsible for ensuring BCS365 Security offering has the necessary monitoring of the computing environment required to alert Helpdesk Support through the ticketing system.
- Consistently conduct in-depth test of customer’s systems of the current and newly implemented infrastructure for IT Security to ensure policies and settings are applied correctly.
- Analyze system generated information and trends in the data and develop improvements to increase a system’s performance.
- Assess the customers IT system for perceived or actual threats and respond to any issues that are presented and/or escalate where necessary.
- Enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions.
- Responsible for reviewing and improving/developing response plans to any potential threat opportunities until the problem is mitigated completely.
- Develops and generates reports for management, customers, and other departments around the managed BCS365 security service/tools offerings.
- Review existing accounts and data access permission requests against documented authorizations to ensure system access rights are appropriately given to these BCS365 security tools; both internal and external users.
- Keep Project and Helpdesk team abreast of security trends and stay current with security technology evolution.
- Works on IT risk and security initiatives/issues for one or more IT functional area (e.g., applications, systems, network and/or Web) across the enterprise.
- Works on multiple projects as a team member and leads systems related security components.
- This role will monitor compliance with security policies, standards, guidelines and procedures while ensuring security compliance with legal and regulatory standards.
- Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Responds to security incidents (Helpdesk Support), conducts forensic investigations and targets reviews of suspect areas as well as develop action plans to address root causes of security-related problems.
- Collaborates on projects to ensure that security issues are addressed throughout the project life cycle.
- Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- Provides responsive support for problems found during normal working hours as well as outside normal working hours as needed.
Competencies, Skills, and Attributes:
- 2-3+ years of security experience working with Endpoint Security, Intrusion Prevention, and Firewall security
- Proven work experience as a system security engineer or information security engineer
- Experience in building and maintaining security systems
- Detailed technical knowledge of database and operating system security
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Thorough understanding of the latest security principles, techniques, and protocols
- Problem solving skills and ability to work under pressure
- BS degree in Computer Science or related field
- Ethical Hacker - Required
- Associate of (ISC)² - Required
- CISSP (Certified Information Systems Security Professional) – Preferred
- CCNP Security – Preferred
*Must be able to lift up to 30 pounds.