Responsible for providing direction for security operations for the global security IS Infrastructure department.
-Develops and implements strategic and tactical plans to facilitate and coordinate the delivery of services and support for Security, Compliance and Privacy for the IT department including the following:
-J-SOX compliance audit support and remediation
-PCI compliance insurance and possible audit support and remediation
-Web security solution (i.e. proxy)
-Internet security, including Intrusion Detection, Firewall solution
-Application security including SAP security
-Regular Security policies and procedures review
-Review IT contracts
-Antivirus, antimalware/spyware solution
-Scanning IT infrastructure
-Internal auditing
-Provide reports on software and firmware revision levels, works with IT teams to schedule upgrades
-Creates and maintains Security, compliance and privacy documentation
-Ensures compliance with regulatory requirements related to J-SOX, PCI and internal audit findings
-Develops policies, procedures, and activities to support security, compliance and privacy
-Oversees Requests for Information (RFI) and Requests for Proposal (RFP) processes related to I.T. Security
Works with the Finance and Legal departments to negotiate vendor contract Terms and Conditions (T&C’s); Service Level Agreement (SLA), and payment structure
-Manages and directs the staff in planning, development, maintenance, and the adherence to best practices and compliance
Requirements:
-Bachelor’s degree in Computer Science or a related discipline preferred; Information security designation (CISSP, CISM or equivalent)
-10+ years’ experience in information technology with at least five years’ experience designing and managing system security
-Must have a working knowledge and strong understanding of security best practices for the following technologies: Windows Active Directory, network routing and switching, firewalls, IDS/IPS, cloud computing and cloud-based services, MDM, server and desktop virtualization, Internet-facing applications, and VoIP systems