MUST HAVE: Data Loss Prevention OR DLP experience
- Execute security governance and compliance leadership through the design and implementation of security policies, procedures, guidelines, and standards to maintain the confidentiality, integrity and availability of information systems and data.
- Represent Information Security from Security Governance and Compliance perspective.
- Design, implement, and integrate security solutions to address enterprise risks and exposures.
- Develop and maintain Information Security Metrics supported by KPIs and KRIs.
- Provide appropriate training to other security specialists and external customers on developed policies, standards, procedures, and guidelines.
- Implement necessary enhancements/updates/upgrades to existing security products.
- Serve as lead technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific projects and infrastructure to provide information security to the enterprise.
Serve as a key resource for the DLP program to implement solutions to protect Client data at rest, data in use and data in motion.
- Produce detailed technical design, test plans, and implementation plans.
- Identify key risks to success and help to mitigate those risks or related issues.
- Create all project planning documentation and follow all Client Defined processes.
- Ensure appropriate product-related training and documentation are developed and made available to customers.
- Provide general support to the Information Security department in carrying out its assigned functions and responsibilities.
- Provide assistance with audit issues and recommendations for remediation from an Information Security perspective.
- Interact with other IT Operations teams to develop tactical and strategic programs to address processes, controls, organization, and infrastructure to manage information security related concerns and satisfy directives.
- Apply creative thinking in problem solving and identifying opportunities for improvements in security.
- Provide Information Security related recommendations regarding CLIENT infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
- Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture.
Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
- Data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, DLP, web application and source code security, database
- Network devices and infrastructure, desktop/mobile devices and remote access to the network.
- Information governance to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
- Information governance through performing day-to-day maintenance and addressing issues and problems associated with security tools.
- and satisfy directives.
Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
- Collaborate with other Information Security specialists, designers, developers, and architects.
- Share ideas, discuss alternatives, and seek input.
- Maintain familiarity with state-of-the-art concepts, procedures, software, and techniques in Information Security in order to be able to effectively assess the needs for and further develop the Client Information Security environment.
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 7+ years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. In-depth understanding of multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), voice technologies, authentication technologies, wireless architectures, encryption key management, and mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance.
- MS/Azure
- Data Classification
- Information and Digital Rights Management (DRM)
- Data Loss Prevention (DLP)
- Information Governance Security Controls
- Industry Recognized Security Certifications
- Professional certification such as CISSP, CRISC, CISA, or CISM (lead level only).
- Proven ability to translate technical requirements to the business.
- Proficiency in the creation/modification, ratification, and socialization of security policies, technical standards, procedures, and guidelines.
- Proficiency with security controls for cloud environments (Azure and AWS).
- Proficiency with control implementation and monitoring in addition to information security metrics, dashboards, and reporting.
- Experience working with Information Security tools in a large, complex, multi-platform environment.
- Knowledge of MS security and compliance tools/technologies such as MS Information Protection, DLP and MDCA.
- Proficiency in DLP/DRM tools and methodologies in order to lead an enterprise-wide deployment.
- Proficiency in data classification/data governance methodologies and approaches to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
- Project management skills to lead information security projects including project planning/reporting, requirements gathering, stakeholder engagement and tracking deliverables to completion.
- Experience in Audit responses and tracking from an Information Security standpoint to further mature control coverage and monitoring.
- Proficiency with the HIPAA Security Rule and compliance requirements.
Digital Intelligence Systems, LLC (DISYS) is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.