Specialization: Information Technology

Qualifications:
- BA or BS in Computer Science, Engineering or equivalent/related courses
- Working knowledge and experience with application security, including related components (i.e. web, database, and application layers)
- Working knowledge of information security, information assurance and quality assurance
- Experience in security risk assessments, audits, vulnerability scanning, problem evaluation and resolution
- Possess strong planning skills and excellent verbal and written communication skills
- Work effectively and collaboratively with other departments/divisions
- Ability to install, configure and utilize security tools to support monitoring and auditing of system/application vulnerabilities
- Ability to work under general direction and across other divisions/departments
- Ability and willingness to share knowledge formally and informally
- Ability to work independently
- Experience with intrusion detection and prevention
- Experience with one or more of the following: Linux, Windows Servers as well as SQL Server, MySQL, PL/SQL, stored procedures, database packages and web platforms such as Apache, IIS, Tomcat
- Must possess any of the following certifications:
  - CISSP - Certified Information Systems Security Professional
  - CISA - Certified Information Systems Auditor
  - CEH - Certified Ethical Hacker
  - CIA - Certified Internal Auditor

Job Description:
- Establishment of the organization's computer security and risk management program and its overall program goals, objectives, and priorities in order to support the mission of the organization
- Maintenance and approval of information security policies and procedures
- Conduct of periodic security assessments to ensure compliance with established security policies
- Daily review of server, router, firewall, anti-virus, and web filtering software logs
- Incident management including incident identification, recording, response and resolution. Incident management may include the conduct of a forensic exercise, as needed
- Patch management including monitoring of the latest available patches, testing and timely deployment
- Liaising with the IT organization, the office of the Chief Risk Officer, Internal Audit Department and End-user Departments to coordinate the planning and execution of security programs
- Conduct of security awareness training for all employees
- Functioning, and decide how this will affect the organization