PURPOSE OF POSITION:
The Sr. IT Security Advisor for Security Operations will be responsible for the identification, coordination, and day-to-day management of core global information security operational functions and tasks. Representative responsibilities include the maintenance and deployment of security baseline configurations (firewalls, routers, servers, desktops/laptops, mobile devices, etc.), daily management of anti-virus and anti-malware identification and remediation efforts, vulnerability scanning, Security Event and Incident Management (SEIM), and multi-layer reporting of World Vision's global security posture. This individual would also be responsible for vendor management in the event World Vision outsources some daily security operational functions to a third party. KEY RESPONSIBILITIES:
Operations Solutions:
- Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.
Business Requirements:
- Engages directly with the business to gather a full understanding of project scope and business requirements.
- Assesses business needs against security concerns and articulates issues and potential risks to management.
- Consults with other business and technical staff on potential business impacts of proposed changes to the security environment.
- Provides security-related guidance on business process.
Security Solutions:
- Works closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
Policies, Procedures & Standards:
- Acts as primary support contact for the development of secure applications and processes.
- Maintains an up-to-date understanding of industry best practices.
- Develops, enhances and implements enterprise-wide security policies, procedures and standards across multiple platform and application environments.
- Monitors the legal and regulatory environment for developments.
- Recommends manages implementation of required changes to IT policies and procedures.
- Monitors compliance with security policies, standards, guidelines and procedures.
- Ensures security compliance with legal and regulatory standards.
Security Audits:
- Performs security audits.
- Participates in security investigations and compliance reviews as requested by external auditors.
- Consults with clients on security violations.
- Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
Security Support:
- Assists security operations team in troubleshooting and resolving level-3 escalated security related issues.
- Authors environmental and support documentation and diagrams.
Business Continuity/Disaster Recovery:
- Develops impact analysis.
- Assists business partners with the determination of critical business processes and systems.
- Identifies and coordinates resolution of recovery issues.
KNOWLEDGE, SKILLS & ABILITIES:
Required:
- Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Requires in-depth knowledge and operational expertise deploying and maintaining various security-related technologies such as firewalls, routers, VPN's, vulnerability scanning technologies, IDS/IPS, and all core operational security functions.
- Typically requires 7-10 years of combined IT and security work experience with a broad range of exposure to security operation technologies.
- Typically requires 3-5 years of work experience running a Security Operations Center (SOC).
- Recommended Security Certification (i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manage (CISM), or Global Information Assurance Certification (GIAC).
No comments:
Post a Comment