Jobs Page
The following page shows current job opportunities that are sent to the Phoenix ISSA by it’s members for posting. Contacts for these openings are posted under each listing. Postings will remain for 90 days.
Summary
Assoc Privacy Analyst
posted: 8-31-10
Position:
Assoc Privacy Analyst (Business Analyst)
GENERAL SUMMARY The Information Risk Management/Privacy Office (IRM/PO) is responsible for ensuring the implementation, compliance and on-going activities within the company as they relate to employee and customer privacy. The IRM/PO will promote a corporate-wide privacy philosophy supporting a comprehensive and practical set of privacy policies, procedures and technologies to protect the organization from privacy-related liability.
ESSENTIAL RESPONSIBILITIES - Know, keep current, understand and ensure corporate compliance with all relevant privacy laws, regulations and standards that apply to the company. This includes the laws of any jurisdiction in which the company conducts business, including international locations. - Lead the strategy and communicate the vision for privacy and related security measures that impact customers. - Provide leadership, awareness, training and oversight for all privacy-related activities organization-wide. - Oversee, coordinate and work with Legal, Corporate Compliance, Human Resources, Business Unit Privacy Leaders (BUPLs), and other appropriate departments to create, implement and maintain procedures for receiving, documenting, tracking, investigating, and addressing complaints &/or data breaches concerning the company’s privacy policies and procedures. - Perform regular privacy impact assessments (PIAs) to identify, create and implement procedures to help prevent loss and inappropriate distribution of confidential corporate and customer information. - Participate in and review information security plans throughout the organization to ensure alignment between security and privacy practices, and act as a liaison to Business Units, Information Security and Information Technology departments. - Ensure privacy obligations are built into new systems and applications. - Ensure all business partner and associate agreements include privacy requirements and responsibilities, and address all related concerns. - Ensure procedures are implemented to track access to information protected by regulations. - Understand the organization’s technical infrastructure, and promote the use of privacy enhancing technologies. - Create and implement the organization’s privacy incidents response plan, privacy advisories, and other privacy related operational issues. - Performs other duties as required.
JOB SPECIFICATIONS - Bachelor’s degree or equivalent experience. - Strong familiarity and 1-3 years demonstrated knowledge and experience with information privacy & security laws, standards and best practices. - Previous 1-3 years knowledge and experience in the financial, government, and/or healthcare industries preferred. - Demonstrated leadership, analytical, problem-solving and independent decision-making skills. - Excellent interpersonal, consultative, organizational, and written & verbal communication skills.
Apply online at www.cvty.com
Req# 200014
Ethical Hacker
Posted: 8-6-2010
Position:
Senior Ethical Hacker / Senior Web Application Penetration Tester – Phoenix
Salary Range 75 – 90K plus benefits, depending on experience.
Job Description:
The Senior Ethical Hacker / Penetration Tester will be working individually and in teams. This individual will be performing penetration testing or vulnerability assessments of web applications, systems, databases and networks (wired and wireless) as well as code reviews in multi-protocol enterprise environments.
Job Requirements:
Consulting Skills
Independence: self-managed and motivated
Team oriented
Project Management skills: Takes responsibility for satisfaction of client assigned project
Public Speaking
Technical writing and vulnerability research
Scoping of client’s testing effort
Technical Skills
Strong web application penetration testing experience is a requirement
Experience in vulnerability identification and remediation
Linux/UNIX and Windows administration
Knowledge of the software development lifecycle in a large enterprise environment
Solid network penetration testing experience is a plus
Knowledge of 802.11x wireless services, wireless access points, wireless security evaluation, and experience performing “war-driving”, rogue detection, wireless security assessments and penetration testing,
Experience with performing code reviews, wireless and firewall assessments are a plus
Programming background (C++, Perl, Python, Shell ) for tool and exploit development
Technical knowledge in network security products, cryptographic suites and network/application firewalls are a plus
Experience with mobile application and operating system testing
Experience in evasion techniques to bypass firewalls, and intrusion detection
Operating Systems: Windows, , Linux, HP-UX, Solaris, AIX, etc.
Web Servers: IIS, Apache, Lotus Domino, Sun Java System
Middleware software: Oracle’s WebLogic, IBM’s WebSphere, Apache Tomcat
In-depth knowledge of any proxying tools such as Paros, Burp, WebScarab, Achilles “fault injection”
Experience with any open source tools such as Nesus, NMAP, netcat, Whisker, and Nikto
Understanding of various web application architectures and webServices technologies like XML, SOAP, AJAX
Siteminder SSO, Entrust getaccess, RSA Cleartrust experience is a plus
Experience using networking tools such as Solarwinds, RAT, Wireshark/Ethereal and traceroute
Understanding of server and client side application development
Experience performing any of the following:
o Tool/script evaluation
o Physical and logical security audits
o Logical protocol and network traffic audits
o Troubleshooting
o Training of client staff
o Requirements analysis and design
Engagement Management
Understanding of best-practice methodologies
Education and Certifications
Bachelors Degree in Information Technology/Computer Science or 5 years IT experience
Any of the following certifications: CISSP, GIAC, GSE, SCNP, CISA, CCSP, CEH certifications
Benefits and Training:
Above & beyond your base salary are a full suite of medical, dental, vision, 401K Matching, flex and health spending accounts; short/long term disability & life insurance; plus bonus.
Existing authorization to work in the United States is required.
Relocation support for this position is not currently available.
Equal Opportunity Employer.
Contact: Laura Barnard – Recruitment Consultant - BMS Staffing
Email: lbarnard at bmsstaffing.com
Tel. No: 602 550 1618
Security Architect
Posted: 8-6-2010
Position:
Security Architect/Senior Engineer - Phoenix
Salary 80 – 110K plus benefits, depending on experience.
Job Description:
To assist our clients with the deployment and administration of system-wide information security programs by providing technical analysis, project management and communication support.
Job Requirements:
Consulting Skills
Independence: self-managed and motivated
Team oriented
Project Management skills: Takes responsibility for satisfaction of client assigned project
Public Speaking
Technical writing and security program research
Scoping of client’s testing effort
Technical Skills:
Oversee technical deployment for information security applications implemented by clients.
Serve as a senior technical consultant to clients requiring information or security technical skills because of lack of personnel or job vacancies.
Coordinate, lead and perform technical analysis and evaluation of information technology/security software and hardware to help determine appropriateness for system-wide/enterprise adoption.
Perform technical analysis/assistance related to Infrastructure Management monitoring reports for clients.
Assist client Chief (Information) Security Officers in defining long-range strategies for their respective programs.
Coordinate and lead research teams to evaluate the soundness of IT Security programs at clients and make recommendations for improvement.
Determine gaps and program inefficiencies and make recommendations for information technology that can close the gaps and/or improve the programs.
Provide budget and security metric research/guidance to clients.
Coordinate and facilitate communications across multiple stakeholders.
Performs other related functions as assigned.
Engagement Management
Understanding of best-practice methodologies
Business Development
Opportunity Identification
Education and Certifications
Bachelors Degree in Information Technology/Computer Science or 5 years IT experience
Any of the following certifications: CISSP, GIAC, ISSAP, ISSEP, GSE, SCNA, CCSP, and CCIE+Security
Benefits and Training:
Employee-oriented company that offers a collaborative environment for consultants to work in.
Above & beyond your base salary are a full suite of medical, dental, vision, 401K Matching, flex and health spending accounts; short/long term disability & life insurance; plus bonus.
Existing authorization to work in the United States is required.
Relocation support for this position is not currently available.
Equal Opportunity Employer.
Contact: Laura Barnard – Recruitment Consultant – BMS Staffing
Tel. no. 602 550 1618
Email: lbarnard at bmsstaffing.com
ACF2 Contractor
Posted: 8-5-2010
Looking for an ACF2 contractor to provide support for a LTC RBAC project in the Midwest. Requires BU interviews, inventory, grouping, design new roles, asset assignment, admin, etc. still being defined…but must be able to start next week.
Please send your resume and requirements to BPorreca@infosecinc.com.
Principals only. No 3rd Party.
Sr Racf Consultant
Posted: 8-5-2010
Looking for a Sr RACF contractor to provide a RACF SECURITY ASSESSMENT….start IMMEDIATELY. Security assessment areas include, Started Task, PROD Batch, CICS, DB2, USS, ND Pen Tests, z/OS Integrity, Audit/Logging, Sec Admin, Sec SysMods, Sec SysPerf, Scalability, etc.
Please send your resume and requirements to BPorreca at infosecinc.com
UAT Instructors
Posted: 8-4-2010
One full time position and 3 adjunct positions open in this area. Full time people generally are scheduled across the week in blocked normal work hours (8:30a to 8:30p) while adjuncts are normally scheduled only in the evening blocks (5:30 to 8:30p).
Available classes for Fall 2010
Title: Forensic Tools and Incident Response
Code: CFR210
Section: FA10110
Credits: 3.00
Start Date: 9/7/2010
End Date: 12/17/2010
Title: Network Forensics
Code: CFR410
Section: FA10112
Credits: 3.00
Start Date: 9/7/2010
End Date: 12/17/2010
Title: Information Security and Organizational Management
Code: NTS355
Section: FA10131
Credits: 3.00
Start Date: 9/7/2010
End Date: 12/17/2010
Title: Unix/Linux System Administration
Code: NTW342
Section: FA10180
Credits: 3.00
Start Date: 9/7/2010
End Date: 12/17/2010
Rebecca R. Whitehead
Dean of Academic Affairs
University of Advancing Technology
2625 W. Baseline Rd
Tempe, AZ 85284
602-383-8283
rebecca at uat.edu
Information Security Engineer State of Arizona
Posted: 7-28-2010
Job Summary for Information Security Engineer:
The Arizona Department of Revenue (DOR) is seeking an experienced Information Security Engineer position who will play a key role in supporting the AZDOR Information Security unit. This position will develop, administer and update key information security processes, standards and policies designed to protect Arizona state taxpayers confidential information. This position is critical in assessing security controls so the controls can be administered and maintained in an effective manner. This position works closely with other IT units in planning and implementing technologies to ensure the security of the data and systems of AZDOR. This position will lead in the daily support and monitoring of the security applications.
Major Responsibilities Include:
Providing security oversight ensuring confidentiality, integrity, and availability (CIA) for DOR information and on-going security auditing;
Evaluating IT infrastructure and applications as they relate to security architecture and design;
Making recommendations on the design, selection and modification of appropriate hardware and software to meet security requirements of network and mainframe systems and information processing needs;
Leading DOR IT forensics efforts;
Participating in projects relating to security and technical considerations and deployment activities;
Other duties include supporting IT disaster recovery documentation, testing and review; and assisting with DOR Information Security policies and standards creation and review.
Key Skills and Abilities:
Experience in reviewing information security standards, technologies, design, techniques and quality control methods for IT information systems.
Experience with LAN/WAN network topologies, protocols, file/application servers, encryption technologies, and network operating hardware and software, FTP, Active Directory, VPN technologies (such as MPLS, IPSEC, etc.) IIS, and ISA Proxy Server.
Demonstrated experience in firewalls, IDS/IPS systems, event correlation systems, content filters, SYSLOG, and SNMP.
Experience in computer forensics methodologies.
Consistently stays abreast of new technologies and industry best practices.
Work closely with IT teams to provide exceptional customer service in a fast paced dynamic environment.
Collaborate with IT and business resources to design effective security solutions.
Strong analytical and problem solving skills.
Excellent communication, presentation and facilitation skills, including the ability to communicate effectively with customers, different levels of management, and functional departments.
Education, Training, Certifications and Experience:
The ideal candidate for this position will possess a minimum of:
Bachelor’s degree in Information Technology or related field, with approximately five (5) additional years of relevant IT professional experience; OR,
Approximately 9 years of relevant IT professional experience;
Approximately 5 – 7 years of progressive Information Technology experience in physical, application and networking security policies, procedures and practices;
CISSP, CISA or equivalent security certification.
A person with a disability may request a reasonable accommodation or an alternative format by contacting the Human Resource Office (602) 716-6950, TDD/TTY 602-542-4021 or 1-800-397-0256. Requests should be made as early as possible to allow time to arrange the accommodation.
NO Agencies
NO Corp-to-Corp
NO Relocation offered
Cristy Schaan
IT, Operations and Security Administrator
AZ Department of Revenue
(602) 716-6758
cschaan at azdor.gov
IT Security Consultant
Posted: 7-21-2010
Contract for 12 months
Experience:
A minimum of 5 years of experience in providing Information Security services to financial, insurance and legal industries
5+ years experience in IT Risk and Security management
5+ years experience in Audit / Regulatory Compliance
Security Certifications are preferred (i.e. CISSP, SANS GSEC, CHFI, CEH, etc¡
Deliverables:
–Security departmental business process analysis as requested.
–Security documentation and training materials
–Security control implementations within the published application and architecture structures.
–Security risk analysis.
–Security assessments.
–Security control designs and plans.
–Third Party Assessment Summaries.
–Site Visit Reports.
–Threat and Vulnerability Assessments.
–Data Profiles.
–Business Impact Assessments.
Therese Vereen
Therese at cn-tec.com
Senior Account Manager
CN-tec
480.993.0619 x114: Local
602.332.9028: Cell
800.889.2959: Toll Free
www.CN-tec.com
Senior Security Analyst - Utah
Assumes overall responsibility for the central data security and privacy policies, architecture, and procedures. Works with operations and IT management to create, document, implement, and manage policies, procedures, and practices that ensure the availability, integrity, and privacy of information assets on centrally managed computer systems. Assists in the compliance with relevant information technology laws and policies.
PRIMARY DUTIES, RESPONSIBILITIES AND REQUIREMENTS
* Responsible for the implementation of security best practices, client requirements, external compliance requirements, and global security team defined objectives
* Align current business processes with client requirements and external security standards/obligations such as Visa PCI DSS, ISO27001 and ISO27002, HIPAA, BITS, etc
* Identifying and remedying security deficiencies and gaps with business suitable controls
* Works with global security team in the creation of policies, procedures, or guidelines to ensure the security and privacy of information and computer systems for company
* Reviews Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure
* Serves as liaison between operations and management to maximize the adoption of and support for security plans and procedures within the organization.
* Recommends physical security controls and processes
* Develops and implements the information security strategy and architecture to be used by systems developers and administrators.
* Maintains currency of expertise in security-related technologies, trends, issues, and solutions.
* Investigates security needs, and recommends; plans, implements, tests, and monitors information security improvements.
Kim Eshnaur
Technical Recruiter
Kforce Technology Staffing
1245 East Brickyard Rd. Suite 100
Salt Lake City, UT 84106
801.461.6305 office
801.300.3757 mobile
801.257.6838 fax
www.kforce.com
Enterpris Logging Policy - Contract
Posted: 7-1-2010
Contract for 2 months
“The client has requested assistance with their enterprise logging initiative for 76 business units with 454 applications to perform a gap assessment on logging requirements and to provide architecture planning and estimates for cost per event of storage. Our high level plan is to help them with a Log Management Policy, gap assessment of 454 applications against their policy through questionnaires, estimates on the event rates and to provide an architecture to help with the collection of events. We are looking for a process oriented consultant with a background in enterprise logging, information security and an understanding of a multi-business unit organization structure. We will need to produce a policy as well as a written report with the gap assessment and architecture recommendations.”
If you’re interested or have questions, please give me a call. I’m temporarily at 613-782-7134 (desk). If I don’t answer there, try 760-880-4258 (cell).
Business Analyst Risk- Scottsdale, AZ
Posted: 6-29-2010
Contract for 6 -18 months
If you are currently working with a CDI recruiter and have interest in this position, please contact them and reference #34576
Location: Scottsdale Term: 6-18mo
Rate: W2 ONLY Must be authorized to work in the U.S. without requiring visa sponsorship. Not open for Corp-to-Corp or 3rd Party
Risk register validation and maintenance for Lending Infrastructure as well as identify/document significant controls around key processes, functions and services (phased approach based on risk ranking from critical to low)
Platform and Skill Set Expertise:
Client Server Development: NT, Client Server Development : UNIX, Middleware : WebSphere, Middleware : WebLogic, Analysis Skills : Business Analysis, Analysis Skills : Financial Analysis
With Best Regards,
Alisa Zapalova, Sr. Technical Recruiter- CDI IT Solutions
tel. 602-508-6438 mob. 602-818-9013
alisa.zapalova at cdicorp.com
Information Security Analyst- Chandler, AZ
Posted: 6-21-2010
Contract for 6 months
Title: Information Security Analyst
Client: Banking Industry
Rate: W2 only (no 1099, Corp to Corp, H1B Visa, or Third Party
Candidates)
Contractor will be reviewing requests for information security risk assessments. As such the contractor must have a CISSP, excellent written and verbal communication skills, strong information security knowledge, solid technical skills, an understanding of secure coding principles, a solid understanding of application architecture, and be knowledgeable of GLBA, PCI, etc.
Becca Bloyd-Kamarad
Advantage Technical Resourcing
(800) 663-2718 Ext.1008
becca.kamarad at advantageresourcing.com
Security Space Business Analyst
Posted: 6-14-2010
Contract for 3+ months Security B/A
Job #1036-MH605
Job Title: Security Space Business Analyst
Location: Scottsdale, AZ
Immediate need for a BA Consultant with specific experience in the security space. This will be a 3 month contract that could be extended another 3-5 months. Location is Phoenix area. Must have strong Business Analyst skills. Must be able to work well with clients and be a team player.
CISSP / CISM / CISA or related information security certification
Experience with third-party security audit processes including physical and logical site review
Experience with writing and understanding security provisions in contracts; preferably third-party
Any semblance of process improvement or customer engagement experience would be a plus
Gary Graham
Tech One
1705 W. University Dr., Ste. 104
Tempe, AZ 85281
Office: (480) 449-3333
FAX: (480) 449-3339
Cell: (480) 620-7990
Email: ggraham at techoneIT.com
Info Security | Privacy Analyst
Posted: 6-5-2010
Coventry Health Care, Inc. – Info Security/Privacy Analyst
Provides support in a privacy resource role for the organization. Assists with tasks associated with the implementation of privacy policies, procedures, standards and guidelines. Ensures compliance with Federal and state regulatory requirements such as HIPAA Privacy and GLBA.
LOCATION: AZ - Scottsdale, PA - Cranberry Township
COMPANY INFORMATION: Coventry Health Care
4141 N. Scottsdale Road
Scottsdale, AZ 85251
Website: http://www.coventryhealthcare.com/
ESSENTIAL RESPONSIBILITIES:
• Assists in performing tasks associated with Privacy program implementation and management to reduce overall corporate information risk.
• Assists with the identification and analysis of possible privacy incidents and remediation follow-up with Business Unit Privacy Leaders to ensure incident closure.
• Assists in the development and implementation of privacy policies and procedures as appropriate.
• Assists with audits to ensure compliance with internal privacy standards and regulatory requirements.
• Provides basic support to business & IT departments working with the Business Unit Privacy Leaders as appropriate.
• Provides privacy training & maintains training materials.
• Performs other duties as required.
JOB SPECIFICATIONS:
• Bachelor’s degree or equivalent experience.
• Previous (3-5 years) experience in implementing and administering a privacy program.
• Strong knowledge and familiarity with applicable laws and standards (HIPAA, Gramm-Leach-Bliley, state regulations).
• Strong knowledge of privacy best practices, policies and procedures.
• Basic understanding of core business processes and ability to interpret them into privacy requirements.
• Basic skills required in critical thinking and analysis, meeting facilitation, verbal and written communications, and interpersonal interactions (e.g., partnering, conflict management, consulting, etc.).
• Ability to work effectively in a team environment.
• Understanding of the health care business and care delivery processes preferred.
HIGHEST FINISHED EDUCATION: 4yr College Degree
CONTACT: http://coventryhealthcare.com/careers Job Requisition # 137349
Manager, Access & Identity Management
Posted 6-04-2010
Location: Cincinnati, OH
MANAGER: CSO FLSA STATUS: Exempt
DIVISION: Information Technology DATE: April 2010
DEPARTMENT: Security
GENERAL FUNCTION: Manage processes, technology and people that support identity, access and privilege management for the company. Multiple platforms, systems and technologies are supported, including physical as well as logical access control and authorization systems. Configure and maintain identity and access controls tools and systems, and optimize associated processes to meet company needs in an efficient and timely manner. Lead the team to provide outstanding customer service with a focus on continual process improvement.
ESSENTIAL DUTIES & RESPONSIBILITIES:
• Implement, configure and maintain identity management tools
• Oversee the configuration and maintenance of physical access controls for all company facilities, including the creation, modification and decommissioning of card key access badges
• Oversee the creation of temporary access credentials to company facilities for authorized visitors
• Manage the oversight of temporary logical access credentials for authorized uses of company computing facilities
• Manage monitoring and oversight of unauthorized use of credentials or access tokens
• Manage the configuration and maintenance of administrative access tools to company computing resources
• Oversee password creation and reset processes
• Manage the support for deployment and collection of strong authentication tokens companywide
• Manage the creation and support of role based access in privilege and access management tools for all platforms and locations
• Drive process improvement initiatives in team to improve customer response time and right-first-time deliveries
• Capture and report on ongoing operational efficiencies and customer satisfaction metrics
• Oversee periodic employee access reviews and re-certifications
• Oversee investigations of system activities by authorized user ID’s using privilege management facilities
SUPERVISORY RESPONSIBILITIES:
Manage team of physical and logical access control and privilege management professionals. Supervise adherence to access and control policies and procedures by local as well as remote personnel. Provide training, mentoring and coaching to team members in order to build a unified, energetic, responsive team. Manage the performance and pay of subordinates.
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
• Bachelor’s Degree in Computer Science, Information Systems, or other related field or equivalent work experience.
• Five years of previous security experience, 2 years of which should have been in managing a team.
• Require strong customer support experience and excellent interpersonal skills
• Require strong technical background in identity and access management technologies
• Strongly prefer technical experience in Oracle Identity Management and Symark (BeyondTrust) Powerbroker setup and configuration
• Require good leadership with strong written and verbal communication skills
• Must be highly motivated, self-directed, team oriented, customer focused, and has the ability to reengineer business practices.
Contact: scott.mackelprang at 53.com
VP Safety and Physical Security
Posted 6-4-2010
Location:Cincinnati, OH
GENERAL FUNCTION: Senior leader responsible for the safety and protection of company employees and the physical security of company property, assets and data. Oversees the executive protection program and the company’s emergency response program. Provides tactical and strategic leadership in establishing company protections for company buildings and data centers, employees and the sensitive information entrusted to the company.
ESSENTIAL DUTIES & RESPONSIBILITIES:
• Manage physical access control infrastructure for all company facilities and oversee management of physical security of outsourced company facilities and processes
• Oversee security of card personalization facilities and processes
• Oversee management of physical access of employees and visitors to company facilities
• Oversee physical surveillance infrastructure, tools, processes, people and investigations
• Manage physical security investigations and in conjunction with HR, manage workplace violence and safety issues
• Oversee company’s physical security incident response
• Provide primary interface with senior executive management of customers and partners during physical security incidents
• Provide interface with law enforcement and company legal teams when responding to physical and safety emergencies
• Oversee physical protection of sensitive paper and electronic media while in use and during transport, storage and destruction
• Oversee physical security and safety policies and employee safety and security education and awareness efforts
• Manage the executive protection program
SUPERVISORY RESPONSIBILITIES: Manage senior personnel and team of facility security guards/engineers. As required, manage outsourced security services for local and remote locations. Provide training, mentoring and coaching to teams. Manage performance and pay of subordinates. Provide motivation and vision to develop a unified and energized security team. Develop successors and work across organizational boundaries to accomplish the company’s security objectives.
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
• BS or equivalent relevant experience with 7 years of physical security experience, 3 of which in management of physical security
• Solid, professional background in best practices for physical facility security and personnel safety and security
• Demonstrated ability to manage physical security and personnel safety for a highly targeted organization
• Collaborative and solutions-oriented leader with a track record of building high performance teams and finding win-win solutions
• Strong written and verbal communication skills with demonstrated ability to interface with senior executives and law enforcement
• Ability to manage competing priorities, be self-directed and provide insightful oversight to teams
• Prefer Certified Protection Professional
Contact: scott.mackelprang at 53.com
VP Data and Systems Protection
Posted 6-4-2010
Location: Cincinnati, OH
GENERAL FUNCTION: Senior leader responsible for the security of all data and computing systems within the enterprise. Also manages the administration of the company’s cyber security applications and processes. Provides tactical and strategic leadership in defending the company against worldwide threats and in positioning the company’s security to compete and win against marketplace competitors.
ESSENTIAL DUTIES & RESPONSIBILITIES:
• Oversee computer security on all computing platforms in the company
• Oversee application security for all in-house developed software and product lines
• Implement and maintain security standards for all operating systems, networks, platforms and environments used by the company
• Manage security patching and system hardening for all company computers
• Manage wireless and mobile device security
• Manage data classification standards and data protection enforcement mechanisms
• Oversee appropriate and secure use of encryption technologies at the business
• Oversee the cyber threat monitoring delivered through the company’s security infrastructure
• Manage company’s cyber security incident response
• Oversee network and system security assessment activities for the company, partners and selected vendors
• Oversee cyber investigation and computer forensic activities for company and potentially for affiliates
• Provide primary interface with senior executive management of customers and partners during cyber incident response
• Provide interface with law enforcement and company legal teams during cyber incident response
• Oversee control of malware within the company
• Consult with and support business segment leaders to enhance their security and improve their effectiveness
SUPERVISORY RESPONSIBILITIES: Manage senior technical personnel as well as the managers of senior technical personnel. Provide training, mentoring and coaching to teams. Manage performance and pay of subordinates. Provide motivation and vision to develop a unified and energized security team. Develop successors and work across organizational boundaries to accomplish the company’s security objectives.
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
• BS in Computer Science or equivalent relevant experience with 7 to 12 years of security management experience
• Extensive knowledge of information security tools, processes and technologies
• Demonstrated ability to manage cyber security for a highly targeted organization that handles finances or other high value transactions
• Collaborative and solutions-oriented leader with a track record of building high performance teams, working across organizational boundaries and finding win-win solutions
• Strong written and verbal communication skills with demonstrated ability to interface with senior executives, law enforcement and customer executive management
• Ability to balance competing priorities, be self-directed and provide insightful leadership to teams
• Ability to drive operational excellence by implementing process rigor and quantitative measurements
• Prefer individual with experience working in the financial industry or other highly regulated environment
• Prefer CISSP
Contact: scott.mackelprang at 53.com
Information Security Engineer
Posted 5-26-2010
Location: Position can be located in Chandler, AZ, Minneapolis, MN, or Charlotte, NC
Duration: 6 month+ contract
Title: Information Security Engineer
Client: Banking Industry
Experience Level: 4 yr degree plus 12-15 yrs exp
Description: Develop specifications for extremely complex computer network security/protection technologies for company information and network systems/applications. Develop security solutions for the company’s networks and virtual private networks, application systems, key public infrastructures, authentication and directory services to ensure the security of the network and confidential data. Identify emergent vulnerabilities, evaluate associated risks and threats, and design network vulnerability scans to identify security vulnerabilities and provide remediation alternatives to the customer. Serve as technical lead responsible for specific areas of computer security incident response activities to include intrusion detection monitoring, scanning, cyber threat reporting, and development/implementation of vulnerability mitigation strategies. Lead security risk assessments to ensure compliance with corporate security policies and adherence to best practices. Lead the evaluation of vendor proposals, new and existing security designs, and emerging security technologies and systems. Serve as a high level technical security resource on large-scale network and/or systems/applications issues. May direct or serve as a mentor to less experienced staff.
This position will focus on providing Security Consulting and Risk Assessment services for several business lines. The successful candidate will work with these lines of business to assess risk related to their infrastructure/ applications and consult on security issues and risks as it relates to corporate and external regulations and policy/standards.
Responsibilities include but are not limited to: 1) Creation of Low, Moderate and High Complexity Security Plans that includes Discovery and Risk Identification Phases resulting in an overall comprehensive and completed Risk Assessment. 2) Consultation with client business lines to assist with risk identification and provide assistance with mitigating control solutions that result in lowering of identified risk with minimum Management Supervision and mentors other consultants. 3) May either write the entire assessment or may serve as an editor to assessments written by the line of business, manage a diverse portfolio of plans with varying degrees of complexity and timelines for completion. 4) Perform auxiliary tasks as needed. Candidate must possess the interpersonal skills to conduct the discovery, technical savvy to break down the intent of the LOB, security concept knowledge to assist in the identification of the associated risks and the ability to provide same in a clear, concise written format. Technical experience/exposure to a myriad of technical concepts such as VPN, various encryption types/methods), firewall knowledge, code/site review knowledge; security concepts such as Cryptography, Defense in Depth, C-I-A Triad, Risk vs Threat, GLBA, SOX, PCI are highly preferred as well as CISSP certification.
Becca Bloyd-Kamarad
Advantage Technical Resourcing
(800) 663-2718 Ext.1008
becca.kamarad at advantageresourcing.com
