This job offer is archived and is no longer available.
Open job offers can be found under Projects.

Information Security Specialist

Posted by CompuCom

Skills sought: Support, Design

Project description

With a strong focus on cost-effectively meeting the Information Security needs of CompuCom business units and, through them, our clients, design, implement and manage enterprise-level security architecture, and provide technical support and advice on a wide variety of information security responsibilities, issues and problems. This includes Documentation, Compliance, User Awareness, Incident Response, Security Vulnerability Management, Risk Assessment and being a Subject Matter Expert in these and other areas related to Information Security. Perform internal investigations as may be needed by the CompuCom Legal and HR Departments. Lead and/or work on committees and task forces throughout CompuCom to assist with improving the security of information systems, processes and procedures as well as to ensure compliance with all established policies, standards and regulations relevant to CompuCom.

Information Security Documentation

- Working with team members and business unit representatives, develop and publish information security policies, processes and procedures that support compliance with industry standards and regulations relevant to CompuCom and that otherwise reflect information security best practices
- Update existing information security policies, processes and procedures to ensure the policies remain current with industry standards and regulations
- Review security related documentation produced by other teams for accuracy and completeness; where appropriate, assist with identifying the security requirements

Compliance and Risk

- Assist with client proposals, including the review of and proposed changes to RFPs and MSAs to minimize risk to CompuCom as well as assist with the design of the solution after the contract has been signed
- Participate in the review of information security Waiver Requests, working with the requestor to find alternative solutions that could minimize the risk to CompuCom while meeting the needs of the business
- Lead activities associated with internal and external audits to ensure they have the proper scope, are completed in a timely manner and that the contacts within CompuCom interact with the Auditors cooperatively
- Lead, coordinate and/or drive remediation activities in order to reduce to an acceptable level any risk that may be identified as a result of an audit
- Assess applications developed in-house or purchased from vendors as well as those services obtained from third parties to ensure they include adequate controls

User Awareness

- Working with other team members and business unit representatives, develop user awareness programs and initiatives as they relate to Information Security
- Where needed, provide specialized security training or assist in identifying and assessing sources of training outside of CompuCom
- Perform analyses of CompuCom Security User Awareness training in order to gauge utilization and effectiveness; make recommendations to improve training
- Develop innovative ways to communicate Information Security standards to end users and business leaders

Incident Response

- Lead and/or participate in incident response activities as directed and as outlined in CompuCom's Security Incident Response Procedure
- Review and update the corporate incident response documentation, process and procedures in support of continuous improvement

Security Vulnerability Management

- Monitor for vulnerabilities relevant to the CompuCom IT Environment
- Organize and conduct monthly Security Vulnerability Management Meetings
- Participate in the Security Vulnerability Management process, offering advice and recommendations in order to ensure risk from vulnerabilities is kept to a minimum

Vulnerability Scanning

- In conjunction with the Security Vulnerability Management process, coordinate and schedule scans of CompuCom's internal address space for vulnerabilities using approved tools
- Ensure that approved scanning tools have at least the minimum level of access needed to identify vulnerabilities that may exist for the device environment
- Ensure that approved scanning tools are configured to perform all necessary tests in order to have an accurate and complete risk profile for the devices, while not performing, without prior approval, tests that are known to have the potential to introduce instability or compromise a system, for example DoS attacks
- Generate and publish reports of vulnerabilities; using these reports, assess level of compliance with the Security Vulnerability Management process

Subject Matter Expert

- Keep abreast of security, compliance and privacy standards and regulations, alerts, and vulnerabilities that are relevant to CompuCom
- Develop proposals on how new and existing standards and technologies could be used to reduce risk to CompuCom and/or improve the competitive position of CompuCom
- Communicate Information Security knowledge to internal as well as external parties

Other

- Participate in the Change Management process and weekly meetings
- Active participation in Project Management, as participant or Project Manager, for any project that may require such a formal approach
- Mentoring less experienced team members
- Perform additional duties as may be deemed necessary by CompuCom management

QUALIFICATIONS

- Bachelor's Degree in Information Systems or the equivalent in the form of proven experience
- CISA Certification
- CISSP Certification
- Proven ability to develop, create and implement processes that may be complex and/or cross team and organizational boundaries
- Proven ability to create and maintain effective documentation, including policies, processes and procedures
- Excellent understanding of Information Security technologies
- Excellent understanding of Information Security controls as well as experience achieving compliance using and/or with standards and regulations such as SSAE16, AT101/TSP100, ISO27001, PCI-DSS, SOx and HIPAA
- 10 years of proven experience with Information Security in medium to large organizations
- 3 years Project Management experience
- Excellent organization skills
- Ability to prioritize workload in order to meet commitments
- Strong communications skills, both verbal and written, as well as the ability to communicate well with people in a variety of positions, roles and levels

Project details

  • Contract type:

    Contract

  • Professional experience:

    Not specified

Required qualifications

CompuCom