Act as a subject matter expert concerning complex information security technology, topics, and issues. Perform highly technical and complex, specialized duties in the areas of security management, risk management, incident management and/or vulnerability management. Identify and direct information security program and technology implementations to remediate or mitigate security issues.
Define, evaluate, justify and drive and information security controls and technology to ensure the protection of the organization's information assets. Use a strategic approach to define current and future capability requirements. Prioritize and drive execution to that roadmap. Update and communicate it regularly with CISO and other high-level stakeholders. Use extensive cyber-security background to review current security posture across all lines of business. Conduct security project meetings to identify gaps and recommend security enhancements to ensure security requirements are integrated and implemented Lead Architecture, Infrastructure and Technology teams to review existing capabilities and recommend security enhancements Update and validate information security policies, standards and procedures to ensure they support the goals of the Information Security Program Support detailed risk analysis and risk assessment to identify, mitigate and control risks to infrastructure, information systems and data Assist in third party evaluations to ensure that their technology environment appropriately protects shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular audits and assessments Document and lead automation of security incident management practices to ensure all incidents are diagnosed, logged, escalated, and closed to its final resolution. Monitor and report changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations Provide current intelligence support to critical internal/external stakeholders as appropriate Lead Threat Analysis across VSP Global Enterprise (Insurance, Retail, Health Care Provider, SaaS software solutions and Manufacturing businesses) Identify and justify automation efforts to improve security posture without increasing cost Actively hunt threats using threat intelligence and knowledge of the environment Lead Information security technical incident response Monitor changes in threat landscape, identify trends for future threat analysis to ensure security controls are in place to meet threats when they arise in the VSP business environment Bachelor's Degree in Computer Science, Electrical Engineering, or related field or equivalent experience 12 years of hands-on technical information security experience in threat and vulnerability analysis, threat hunting, and/or security incident response Minimum 4 years IT experience with a focus on systems engineering. Private and Public Cloud security experience is highly preferred Technical Security certification like SANS GIAC-type certification(s) Advanced knowledge of security principles and technologies Strong verbal and written communications skills that can be applied to all levels of an organization from the CTO to a deskside technician Proven ability to communicate using slides, documents, and spreadsheets Ability to regularly exercise discretion and independent judgment in the performance of job duties Data analysis as it relates to security event logging and monitoring with the ability to demonstrate effectiveness hunting in a complex environment
VSP Global is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, gender identity, sexual orientation, disability or protected veteran status. We maintain a drug-free workplace and perform pre-employment substance abuse testing.