Johns Creek, GA (USA)
Posted 60 days ago
Qualification: Bachelor's degree in Computer Science, Information Systems, Engineering or related field, or equivalent experience
The Information Security Officer will work closely with Systems, Networking, Software Development and other teams to ensure information security is at the forefront of the enterprise, while working closely with Compliance for activities relating to the availability, integrity and confidentiality of data and compliance with PCI, HIPAA, GDPR, NYDFS and SOC 2.
Essential Duties and Responsibilities
- Develop a comprehensive enterprise information security and risk management program
- Manage team member performance; train and advocate for a team of security engineers
- Provide guidance to the organization on the appropriate information security services, mechanisms and technologies
- Monitor emerging security threats and news daily, assess the company's risk exposure to them, implement mitigating measures, and communicate this information to key stakeholders on a timely basis
- Participate in risk assessments to ensure compliance with PCI, HIPAA, GDPR, NYDFS, SOX, ISO 27001 and SOC 2
- Conduct regular reviews and provide exception/exposure reporting and remediation plans to leadership
- Develop security-related training programs, awareness campaigns, metrics and skills for the organization
- Implement enterprise-wide security controls to ensure the confidentiality of data across multiple geographically separated data centers and endpoints
- Manage and mature security appliances and software, including Data Loss Prevention (DLP), anomaly detection appliances, intrusion detection systems, file integrity monitoring software, 24/7 managed SOC, advanced endpoint protection, vulnerability scanners, source code review, vendor security assessments and internal security
- Respond to security questionnaires, manage security audits and on-site assessments, and provide the roadmap to fix the gaps
- Extensive knowledge of security controls and technologies including SIEM, DLP, WAF, IPS and firewall
- Exposure to antivirus products, malware detection and remediation
- Develop, deliver and monitor the hardening standard for servers and environments. Review the hardening standard on a periodic basis and update it to meet security requirements.
- Lead the corporate SIEM and WAF team and develop effective incident detection rules and proactive monitoring
- Lead evaluations and implement new technologies related to information security
- Familiarity with VTA, AppScan, OWASP standards and penetration testing, and the ability to guide the team in remediating the findings
- Serve as senior information security leader in the organization
- Coordinate with operational groups and business units to identify and implement measures to prevent or detect security incidents or breaches
- Ability to communicate and collaborate cross-functionally, with various levels above and below, internally and externally, and to technical and non-technical audiences
- Solid understanding of TCP/IP, Windows and Linux servers, along with an ability to implement and configure security applications and hardware
- Strong technology background in access control, IDS/IPS, vulnerabilities, WAF, DLP, email and protections
- Proven ability to lead and apply information security, risk management and privacy practices
- Demonstrated ability to manage in a way that results in highly engaged teams
- Demonstrated understanding of PCI-DSS, SSAE-16, SOC reporting framework, HIPAA, GDPR, NYDFS regulations, along with various state, federal and other international requirements
- Proven abilities in incident management and response
- Ability to lead and manage technical security-related projects
- Bachelor's degree in Computer Science, Information Systems, Engineering or related field (or equivalent experience)
- Certifications such as CISSP, CISA, CISM, CRISC and/or GIAC are nice to have