Senior Security Solution Engineer
Senior Security Solution Engineer
The Senior Security Solution Engineer will be a combination of both security administrator and advisor. The position is responsible for overseeing the security of infrastructure, applications, and information of the ISC Americas and guarding against security threats. The position requires a high level of business and technical experience related to security and information threats.
Your tasks and responsibilities
- Serve as an internal information security expert to the ISC Americas, working with compliance, risk management and audit functions.
- Direct and enhance information security by identifying risks and opportunities and developing policies and security strategies and information security organization.
- Establish processes to maintain awareness of current and emerging regulatory and legal issues
- Evaluate information security technologies; maintain knowledge of developments of security for networks, systems and hardware, etc. Incorporate new developments into the future systems of the organization whenever possible.
- Implementation of an information security management system in accordance to ISO 27001:2005.
- Design information security aspects of networks topology, access control, identity management and other security systems.
- Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for information security. Promote activities to create information security awareness within the organization.
- Periodically reviewing and evaluating the information security policies and suggesting necessary changes to management.
- Establish processes to ensure risks are properly identified, evaluated, communicated and managed
- Complete projects by coordinating resources and timetables with user departments and data center.
- Serve as the technical and communications liaison to all employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures.
- Develop an information security awareness program and execute training for all users.
- Maintain quality service by establishing and enforcing organization standards. Manage the internal control audit process and partner with business partners to improve performance.
- Establish operational, tactical and strategic metrics that monitor utilization and effectiveness of security resources; test the information security architecture to evaluate the security strengths and detect possible threats annually and implement necessary action plans.
PROBLEM SOLVING AND DECISION MAKING:
- Monitor information security violations and takes corrective action
- Involved in change management, systems development life cycle (SDLC) and project management processes.
- Establish operational, tactical and strategic metrics that monitor utilization and effectiveness of security resources
Bachelor's degree required.
Certificate Designations: CISSP, MSP
8+ years of IT security engineering with expertise in either network or application security
4+ years of Information Security experience required
KNOWLEDGE & SKILLS:
- Exceptional oral and written communication skills; ability to effectively communicate with a wide range of technical and non-technical personnel
- Proven success working with peers, technical staff, senior management and in supporting business operations directly
- Experience in IT, IT Operation, IT Security Management, IT Revision, and IT Risk Analysis
- Able to work on a high level of abstraction and should have a good analytical, conceptual and holistic intellectual capability
- Strong presentation and moderation skills
- Excellent project management skills
- Knowledge of state-of-the art information security standards and frameworks like ISO 27001 and 27002, COBIT for Information Security, The Risk IT Framework, NIST 800-53
- One or more of of the following certifications: CISA, CISM, CISSP, MSP, ISO 27001 Lead Auditor or equivalent
- Thorough conceptual understanding of following technologies:
o Intrusion detection / prevention (IDS/IPS)
o Identity and access management (IAM)
o User account administration
o Malware protection
o Spam protection
o Public key infrastructure (PKI)
o Digital signature
o Virtual private networks
o Single-sign on (SSO)
o Privacy compliance
o Remote access
o Electronic data interchange (EDI)
o Security Incident and Event Management (SIEM)
o Vulnerability management
o Penetration testing
Ability to speak, read and write fluent English
Additional foreign language is a plus
Domestic and International Travel