Wednesday, May 15, 2013

[JimsJobs] FT/Perm Position - Information Technology and Security Risk Manager - Denver, CO

 


 

Reporting to the CIO, the person in this role is responsible for the design, planning and implementation of security policies, procedures, standards, etc., as well as supporting technical systems establishing our client’s Information Technology systems and data. The person filling this role will be responsible for Risk Management, Business Continuity and IT Compliance company-wide, as well as the identification, reporting and monitoring of the company’s technological risks.

 

RESPONSIBILITIES/DUTIES:

 

·         Remains current on information security trends, information security product offerings, information protection laws and regulations. Understands how these elements impact the business and makes recommendations for incorporating them into the existing information security infrastructure as appropriate based on risk and cost to the business.

·         Establishes and leads an Information Security team comprised of key individuals from the IT organization and business groups, designed to identify key security strategies that meet the needs of the business, comply with regulatory and best practices and that leverage available technology.

·         Monitors compliance with the organization's information security policies and procedures among all employees, contractors, alliances, and other third parties, and refers problems requiring remediation to appropriate department managers or administrators.

·         Exercises awareness in regard to possible suspicious activity, money laundering or fraudulent behavior and reports any such incidents to the BSA Department and/or Internal Audit Director as appropriate.

·         Serves as a liaison to the business units for technical and administrative security direction and recommendations consistent with the Information Security Program, contractual, and compliance requirements.

·         Serves as a consultant, team member, or individual contributor of information technology business projects. Provides technical information security leadership to projects and compliance initiatives, or as required for remediation efforts.

·         Acts as an internal consultant to all areas of the organization, providing expertise and advice on the security components of information systems and emerging information technologies.

·         Validates the process of granting rights to all users and groups on corporate systems. Ensures that monitoring systems are in place to detect security violations.

·         Reviews, documents and evaluates system and application level internal controls in a wide range of computer environments and software packages.

·         Performs job functions in compliance with all company policies and federal/state rules and regulations as applicable to the position.

·         Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained.

·         Performs information security risk assessments and serves as the internal auditor for information security processes.

·         Assists with research and recommendations of new or upgraded network security related applications and reports.

·         Oversees the network analysis and intrusion detection tools to proactively maintain the network security posture.

·         Performs semi-annual enterprise security scans to audit security posture of enterprise network infrastructure.

·         Initiates, facilitates and promotes activities to foster information security awareness within the organization.

·         Provides direct information security training to all employees, contractors, alliances, and other third parties.

·         Monitors changes in legislation and accreditation standards that affect information security and privacy.

·         Ensures preparation and maintenance of the organization's disaster recovery and business continuity.

·         Oversees the implementation and documentation of information security policies and procedures.

·         Oversees the regular monitoring of system and application logs for security events.

·         Performs risk exposure monitoring and reports all systems and applications.

·         Primary responder to internal and external threats to systems security.

·         Manages IT Compliance Programs to include GLBA, HIPAA and PCI.

·         Creates and maintains Standard Operating Procedures (SOP).

·         Assists in the completion of special projects.

·         Aids in end user training.

·         Other duties as assigned.

 

 

REQUIREMENTS:

 

·         Knowledge of the full lifecycle of information security including policy and procedure implementation, risk management, remediation project management, security architecture and management of control implementation and operation initiatives.

·         Minimum eight years working in the technology risk and security sector with at least four years in the financial services industry. Experience to include information security assessment, audit, security controls implementation, network design and integration.

·         Demonstrated practical knowledge of relevant security standards (NIST, ISO, etc.) and ability to align them within the information risk management program.

·         Ability to effectively identify and understand an ever-changing and complex risk environment, adapting control testing and governance as appropriate.

·         Ability to prioritize work and handle multiple tasks, both long and short term, simultaneously in a fast paced, diverse and growth-oriented environment.

·         Ability to effectively communicate verbally and in writing with personnel at all levels within the organization, as well as outside vendors/contacts.

·         Ability to identify deficient processes/procedures and to develop and implement secure solutions.

·         Ability to collaborate, be adaptable and flexible in approaching different audience requirements.

·         Working knowledge of Sarbanes-Oxley, HIPAA, FFIEC, PCI-DSS and industry standards.

·         Strong communication, presentation, client servicing and writing skills.

·         Bachelor's degree in Computer Science, Engineering or related field.

·         Familiarity with IT Governance standards such as ITIL and COBIT.

·         Working knowledge of network topologies, protocols and systems.

·         Experience with business continuity principles and practice.

·         Ability to maintain a high level of confidentiality.

·         Ability to work under tight deadlines.

·         Ability to work flexible hours.

US CITIZENS AND/OR GREEN CARD HOLDERS ONLY CAN BE CONSIDERED FOR THIS POSITION. NO EXCEPTIONS AND NO THIRD PARTY AGENCIES. 

Should you be interested in the above-listed position, please email a clean copy of your resume (Word format preferred) to jackie@sorcesolutions.com along with 3-5 available times for a telephone prescreening (30 minutes maximum). In order to ensure a response within 48 hours, please be sure to include the position title in the subject line of your response message.


Should you not be interested in the above-listed position but know of someone who may be, please feel free to forward this message, and please let us know who referred you to ensure the referral program is paid as planned. For other positions, check out our website listings at www.sorcesolutions.com.

If you are looking for a new position and have not sent us an updated resume within the last 6 months - please do so. Having the most up to date information will allow us the opportunity to match you to new/approved positions as soon as they open!

 

 

Jacqueline M. Sorce

Owner/President - Sorce Solutions, Inc.

jackie@sorcesolutions.com

www.sorcesolutions.com

 

Follow us on Twitter @SorceSolutions

 

Check us out on Facebook at www.facebook.com/SorceSolutionsInc

 

Sign up for our mailing list and receive the latest job notifications at http://www.sorcesolutions.com/subscription.html

 
