Job Overview

Assist in performing procedures and provides technical solutions that serve to provide appropriate access to and protect systems from unauthorized users.

Essential Functions

• Carry out procedures to ensure that all systems, products and services meet organization security standards.
• Research information security trends to understand the latest vulnerabilities and threats.
• Conduct risk and vulnerability assessments of information systems to identity vulnerabilities, risk, and protection needs.
• Assist with providing artifacts to Governance Risk & Compliance in relation to internal & external audits.
• Work with business units to achieve security objectives and identifies, reports, and resolves security risks and violations.
• Mentor non-security teams regarding risk management, information security controls, incident analysis, incident response, monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Office of Information Security (OIS).
• Assist with the formation of information security strategies for the protection of sensitive data.
• Involved in the full security systems life cycle which includes, designing, coding, testing, implementing, maintaining, and supporting software, quality assurance, testing and deployment.
• Develop technical documentation (designs, specifications, processes, workflows) and communications.
• Advocate and provide information security consultation on UC projects initiative within the business and development of systems.
• Assist with and manages cyber investigations through forensic fact gathering with a focus on e-discovery.
• Analyze high volumes of logs, network data, and other attack artifacts in support of incident investigations.
• Develop and present information security training and awareness programs.
• Serve as seasoned and proficient professional.
• Perform related duties based on departmental need. This job description can be changed at any time.

Required Education

• Bachelor's Degree in Computer Science, Information Technology, Computer Engineering, or related field.
• Four (4) years of relevant work experience and/or other specialized training can be used in lieu of education requirement.

Required Experience

Possess a thorough understanding of all aspects of computer and network security, including such areas as firewall administration, encryption technologies and network protocols and contributes through experience, collaboration and problem resolution.

Additional Qualifications Considered

• Possess at least one of the following certifications: CISSP, CISA, CISM, CRISC, CGEIT, GSEC, CCSP, CCSK.
• Two or more years of experience in Enterprise or Security risk or IT audit with management experience and the ability to independently identify and assess IT risk, severity, communicate risk results, and influence others.
• Experience in policy and procedure development, vendor risk management, penetration testing, security awareness training, and security metrics and reporting.
• Working knowledge and understanding of security and audit frameworks by NIST, CIS and ISACA (i.e., NIST Cybersecurity Framework, CIS Critical Security Controls, COBIT 5 Ensure Systems Security).
• Working knowledge of technology processes (i.e., change management, vulnerability management, data loss prevention), SDLC, network infrastructure (firewalls, proxies) and technology systems (i.e., Azure, Okta, Active Directory, Windows, SQL).
• Excellent interpersonal skills, both verbal and written, necessary to interact effectively with various stakeholders, management, and external contacts.
• Ability to work independently, motivated, owns initiatives and goals, and manages time effectively to meet deadlines.
• Must be able to manage people and multiple workloads simultaneously from start to completion.
• Extensive working experience with Microsoft Office, especially Word, Excel and PowerPoint.
• Experience in facilitating meetings with technology and business stakeholders.

Physical Requirements/Work Environment