Vacancy expired!
Resp & Qualifications
PRINCIPAL ACCOUNTABILITIES:
Under the supervision of the Manager, Information Security, the incumbent’s accountabilities include, but are not limited to the following:
- Execute security governance and compliance leadership through the design and implementation of security policies, procedures, guidelines, and standards to maintain the confidentiality, integrity and availability of information systems and data.
- Represent Information Security from Security Governance and Compliance perspective.
- Design, implement, and integrate security solutions to address enterprise risks and exposures.
- Develop and maintain Information Security Metrics supported by KPIs and KRIs.
- Provide support and guidance to a team of technically diverse personnel of senior level security specialists and junior level security specialists.
- Provide appropriate training to other security specialists and external customers on developed policies, standards, procedures, and guidelines.
- Implement necessary enhancements/updates/upgrades to existing security products.
- Serve as lead technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific projects and infrastructure to provide information security to the enterprise.
- Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
  - Identity and access management.
  - Data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web application and source code security, database security, etc.).
  - Network devices and infrastructure, desktop/mobile devices and remote access to the network.
  - Information governance to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
  - Information governance through performing day-to-day maintenance and addressing issues and problems associated with security tools.
- Provide general support to the Information Security department in carrying out its assigned functions and responsibilities.
- Provide ad hoc off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
- Provide assistance with audit issues and recommendations for remediation from an Information Security perspective.
- Interact with other IT Operations teams to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage information security related concerns and satisfy directives.
- Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture.
- Implement and assist in enforcement of company security policies.
- Document results of system and application reviews including corrective action taken and security related documentation.
- Assist with reviews of current and new CareFirst systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
- Apply creative thinking in problem solving and identifying opportunities for improvements in security.
- Provide Information Security related recommendations regarding CareFirst infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
- Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
- Collaborate with other Information Security specialists, designers, developers, and architects.
- Work with other technical teams in the organization such as IT Operations and IT Applications.
- Share ideas, discuss alternatives, and seek input.
- Maintain familiarity with state-of-the-art concepts, procedures, software, and techniques in Information Security in order to be able to effectively assess the needs for and further develop the CareFirst Information Security environment.
- Ability to identify and resolve complex issues and develop security solutions to meet CareFirst’s business and technology goals.
- Strong written documentation skills and technical writing are required.
- Excellent presentation and verbal communication skills.
- Ability to effectively lead/complete tasks with a minimal level of supervision.
- Strong computer skills, including knowledge of Microsoft Windows and e-mail systems (Microsoft Exchange).
- Possess broad understanding of the following systems/skill sets:
  - System hardening concepts and techniques to support technical standards
  - Network and remote access controls
  - Unix, Linux, Web application servers
  - Virtualization technologies
  - Encryption technologies and key management
- Familiarity with access control methodologies (MAC, DAC, RBAC)
- Professional certification such as CISSP, CRISC, CISA, or CISM (lead level only).
- Proven ability to translate technical requirements to the business.
- Proficiency in the creation/modification, ratification, and socialization of security policies, technical standards, procedures, and guidelines.
- Proficiency with security controls for cloud environments (Azure and AWS).
- Proficiency with control implementation and monitoring in addition to information security metrics, dashboards, and reporting.
- Experience working with Information Security tools in a large, complex, multi-platform environment.
- Knowledge of Microsoft security and compliance tools/technologies such as Microsoft Information Protection, DLP and MCAS.
- Proficiency in DLP/DRM tools and methodologies in order to lead an enterprise-wide deployment.
- Proficiency in data classification/data governance methodologies and approaches to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
- Project management skills to lead information security projects including project planning/reporting, requirements gathering, stakeholder engagement and tracking deliverables to completion.
- Experience in Audit responses and tracking from an Information Security standpoint to further mature control coverage and monitoring.
- Proficiency with the HIPAA Security Rule and compliance requirements.