Information Systems Security Officer Worcester, MA

Worcester, MA

100,000 - 200,000

Job Description:

Qualifications

Bachelor's degree in Computer Information Systems, Management Information Systems, Cybersecurity or Computer Science and a minimum of 6 years' work experience developing and maintaining enterprise security systems

One or more of the following certifications or equivalent:

GIAC Security Essentials Certification, GIAC Security Leadership Certification, ISACA CISM Certified Information Security Manager, Microsoft Certified Systems Engineer: Security, SCCP, CISSP, ISSAP, CRISC

Extensive experience in enterprise security architecture design and implementation

Proven experience in developing and implementing written security policies

Experience designing and delivering employee security awareness training

Experience developing Business Continuity Plans and Disaster Recovery Plans

Experience conducting and assessing internal penetration tests

Experience evaluating, implementing, and effectively leveraging SIEM tools

Broad hands-on knowledge of networking hardware, firewalls, intrusion detection systems, DLP, anti-virus software, data encryption and other industry-standard techniques and practices

Working technical knowledge of:

Enterprise Networking Hardware

Enterprise Endpoint Detection and Response Tools

Zero Trust solutions

Security Information and Events Management Tools

Wi-Fi security concepts

Microsoft 365 security concepts

Microsoft Windows Server and Desktop OS

Azure and Active Directory security concepts

Remote access technologies

MDM tools

Strong understanding of IP, TCP/IP, and other network administration protocols with the ability to analyze network packet captures

Experience with security hardening guides & tools

Strong knowledge of various information security and risk control frameworks, especially PCI DSS

Knowledge of applicable practices and laws relating to data privacy and protection

Ability to conduct research into security issues and products and pursue appropriate learning opportunities

Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and provide timely and accurate decisions

Ability to balance multiple priorities to effectively prioritise and execute tasks in a high-pressure environment

Highly self-motivated and directed

Requiring minimal daily supervision

Able to work in a team-oriented, collaborative environment

Strong planning and strategic management skills

Strong organisational skills with attention to detail

Effective verbal, written and interpersonal communication skills

Ability to educate a non-technical audience about various security measures in business-friendly and user-friendly language

Responsibilities

The Information Systems Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks

This includes the selection and implementation of appropriate security solutions, participation in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conducting vulnerability audits and assessments throughout the enterprise to ensure the secure operation of all computer systems, servers, and networks

Participate in the planning, design and maintenance of the enterprise's security architecture

Develop, implement, maintain, and oversee the enforcement of policies, procedures, and plans to secure the client's computing network

Participate in defining and implementing the client's Business Continuity, IT Disaster Recovery and Incident Response Plans

Oversee the enterprise's security awareness training program

Perform regular security awareness assessments and training for all employees

Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors

Recommend, schedule, and perform security improvements, upgrades, and/or purchases of security solutions or enhancements to existing security solutions to improve overall enterprise security

Interact and negotiate with vendors, outsourcers, and contractors to obtain protection services and products

Perform the deployment, integration, and configuration of all new security solutions and of any enhancements to existing security solutions in accordance with best operating procedures

Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories

Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices)

Maintain operational configurations of all in-place security solutions as per the established baselines

Monitor all in-place security solutions for efficient and appropriate operations

Assess needs for any security reconfigurations (minor or significant) and execute them when required

Interpret the implications of that activity and devise plans for appropriate resolution

Deploy, manage, and maintain all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software

Design and execute vulnerability assessments, penetration tests, and security audits to identify system vulnerabilities in our current network

Monitor network usage to ensure compliance with security policies

Design, implement, and report on security system and end user activity audits

Educate colleagues about security software and best practices for information security

Ensure enterprise-wide understanding of security goals and solicit feedback to foster co-operation

Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity

Interpret activity and make recommendations for resolution

Recommend, schedule (where appropriate), and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach

Download and test new security software and/or technologies

Work with Systems Engineer to maintain system backups and disaster response

Respond to security threats

