The Information Security Officer performs several core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security analysts. The second is establishing an enterprise security stance through policy, architecture and training processes. The third is developing and performing ongoing testing of the company’s Disaster Recovery and Business Continuity plans. The fourth is developing and maintaining the company’s PCI compliance plan to ensure full PCI compliance. Secondary tasks will include the selection of appropriate security solutions and oversight of any vulnerability audits and assessments. The Information Security Officer is expected to interface with peers in the Applications, Systems and Network departments, as well as with the leaders of the business units, both to share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
· In-depth understanding of the components present within an enterprise network (Firewall/Switch/Load Balancer/IPS).
· Knowledge of modern server hardware.
· Knowledge of IBM AS/400.
· Broad expertise in Information Security.
· Experience working with IP networking and networking protocols, and understanding of security-related technologies including encryption, IPsec, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
· Experience working with internet, web, application and network security techniques.
· Experience working with Windows operating system security.
· Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies.
· Extensive experience in enterprise security architecture design.
· Extensive experience in enterprise security document creation.
· Experience in designing and delivering employee security awareness training.
· Experience in developing Business Continuity Plans and Disaster Recovery Plans.
· Experience with PCI DSS a must.
· Certifications such as CISSP, CBCP, GPEN, GSNA preferred.
· Knowledge of CIS Benchmarks and NIST standards preferred.
· Knowledge of ISO 27000.