Successful information security implementation and awareness are critical to business success. The Information Security and Compliance Administrator will be responsible for the review, implementation, and maintenance of the organization’s IT security Awareness and Compliance program, as well as provide dedicated support toward the implementation of a comprehensive information security program for Washington Corporations. They will ultimately reduce risk throughout the organization by ensuring IT Security processes are tested and employees know and understand Information Security’s policies, as well as behave with a security mindset.

This position’s area of responsibility will span administrative and technical areas of information technology. In addition, this position requires sound knowledge of compliance and training strategies and a strong working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. They will proactively work with various teams, operating companies, and ecosystem partners to implement practices that meet agreed-on policies and standards for information security. They should understand IT and must oversee a variety of security awareness and compliance activities related to IT to ensure the achievement of business outcomes. They will be responsible for assisting the IT Security Manager in the implementation and maintenance of the enterprise information security compliance and awareness program.

Duties and Responsibilities:

Plans for the Development of Effective Security Awareness Campaigns

Reviews and Iterates Security Awareness Campaigns

· Ensures security awareness trainings, communications, and marketing are engaging and influences changes in employees’ behavior

· Assesses effectiveness of each major campaign using a metrics framework and incorporates employee feedback

· Iterates and continuously improves upon existing awareness campaigns as appropriate

· Assist the Enterprise IT Security Manager in developing an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.

Operate the Function

· Monitors and audits systems and data logs to identify potential threats to the company’s networks and systems.

· Provide on-call response to remediate critical problems with networks, systems, security alerts and notifications.

· Documents changes to systems and networks that impact company security.

· Works with company data center, networking, desktop support, and engineering staff to recommend configuration and maintenance of network, systems, and information security equipment.

· Work effectively with operating companies to facilitate information security risk assessment and risk management processes and empower them to own and accept the level of risk they deem appropriate for their specific risk appetite.

· Work with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy.

· Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

· Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.

· Facilitate both the internal and externa audit and validations programs for IT security.

· Assesses risk and responds to incidents on company information systems, including data networks, telecom networks, web systems, data center systems, and other data management assets.

· Maintain up-to-date and detailed knowledge of the IT security industry.

· Consults and interfaces with network administrators, system administrators, desktop support staff, web developers, and non-ITS departments on security issues and requirements.

· Performs other duties as assigned

Requirements

· Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists

· Knowledge of common information security management frameworks such as CIS Controls, ITIL, NIST or other leading frameworks.

· An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood and actionable manner

· Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives

· An ability to effectively influence and convince others to make appropriate changes in their priorities and behaviors for the benefit of the organization

· An ability to coordinate activities on behalf of Information Security with HR, Risk Management, and Compliance functions

· Sound knowledge of information security risk management and cybersecurity technologies

· Up-to-date knowledge of methodologies and trends in IT

· Project management skills

· An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business

· An ability to communicate risks to employees outside Information Security in a way that consistently drives objective decisions about risk that optimize the trade-off between risk mitigation and business performance

· Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part

· Knowledge of monitoring and maintaining routers, switches, firewalls, and other networking devices.

· Knowledge of information security principles and practices to include, but not limited to, the following areas: Vulnerability Scanning; Security Information and Event Management; Host Based Security; Malware Prevention

· Knowledge of IPS/IDS, packet/traffic analysis and related tools

· High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity

· Poise and ability to act calmly and competently in high-pressure, high-stress situations

· Must be a critical thinker, with strong problem-solving skills

· Ability to influence entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital

· High degree of initiative, dependability, and ability to work with little supervision while being resilient to change

· Additional background investigations and reference checks may be conducted as part of hiring process

Education, Training and Previous Experience:

· Bachelor's degree in information technology, information security, or a related field and/or equivalent field experience.

· Minimum four (4) years combined IT-related work experience in the following key areas:

o Risk management

o Information Technology

o Information security

o Project management

· Demonstrable experience in technical training.

· Knowledge of Windows desktop systems.

· Functional knowledge of TCP/IP routing, DNS, DHCP, TCP and UDP, firewalls, routers, and network appliances.

We recognize the value of skills and knowledge gained outside of formal higher education and paid employment. Applicants who do not meet minimum qualifications but present other qualifications or experience equivalent to those required will be considered and are encouraged to apply. To qualify under equivalency, applicants must indicate how they qualify under equivalency by responding to the supplemental question presented during the application process.

Preferred:

· 2+ years managing a security awareness program.

· Experience with Information Security Systems including Next-Gen Firewalls, Content Management, Vulnerability Management, SIEMs, ACLs, IDS/IPS, PAM, and/or Email Filtering Products.

· Professional project management certification is desirable, such as Certified Associate in Project Management (CAPM), Project Management Professional (PMP) or other similar credentials.

· Professional Information Security certification is desirable, such as CompTIA Security+, GIAC Information Security Fundamentals (GISF), Systems Security Certified Practitioner (SSCP), or other similar credentials.

· Knowledge of CIS Controls and system hardening.

· Knowledge of CMMC

· Security Administration knowledge and education such as

o Performing risk assessments

o Designing and developing security policies and programs

o Educating others on security risks and mitigation strategies

o Basic graphic and web design skills

o Thorough understanding of PC hardware / software configuration

Job Type: Full-time

Pay: $75,000.00 - $90,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Professional development assistance
• Retirement plan
• Vision insurance

Schedule:

• 8 hour shift
• Monday to Friday

Work Location: One location

dutch-tavern.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, dutch-tavern.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, dutch-tavern.com is the ideal place to find your next job.