Title: Information Systems Security Officer

Nouria Energy is looking for an experienced Information Systems Security Officer to develop and maintain a strong enterprise security stance through the implementation of effective security policy, architecture and training. This is not a remote opportunity.

Description

The Information Systems Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This includes the selection and implementation of appropriate security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conducting vulnerability audits and assessments throughout the enterprise to ensure the secure operation of all computer systems, servers, and networks.

Responsibilities- Remote work not an option

• Participate in the planning, design and maintenance of the enterprise's security architecture design.
• Develop, implement, maintain, and oversee the enforcement of policies, procedures, and plans to secure Nouria's computing network.
• Participate in defining and implementing Nouria's Business Continuity and IT Disaster Recovery and Incident Response Plans.
• Oversee the enterprise's security awareness training program. Perform regular security awareness assessments and training for all employees.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Recommend, schedule, and perform security improvements, upgrades, and/or purchases of security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Interact and negotiate with vendors, outsourcers, and contractors to obtain protection services and products.
• Perform the deployment, integration, and configuration of all new security solutions and of any enhancements to existing security solutions in accordance with best operating procedures.
• Ensure the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories.
• Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).
• Maintain operational configurations of all in-place security solutions as per the established baselines.
• Monitor all in-place security solutions for efficient and appropriate operations. Assess needs for any security reconfigurations (minor or significant) and execute them when required.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices). Interpret the implications of that activity and devise plans for appropriate resolution.
• Deploy, manage, and maintain all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
• Design and execute vulnerability assessments, penetration tests, and security audits to identify system vulnerabilities in our current network.
• Monitoring network usage to ensure compliance with security policies. Design, implement, and report on security system and end user activity audits.
• Educate colleagues about security software and best practices for information security. Ensure enterprise-wide understanding of security goals and solicit feedback to foster co-operation.
• Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
• Recommend, schedule (where appropriate), and apply fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.

Download and test new security software and/or technologies.

• Work with Systems Engineer to maintain system backups and disaster response.

Respond to security threats.

Position Requirements

• Bachelor's degree in Computer Information Systems, Management Information Systems, Cybersecurity or Computer Science and a minimum of 6 years work experience developing and maintaining enterprise security systems.
• One or more of the following certifications or equivalent:GIAC Security Essentials Certification, GIAC Security Leadership Certification, ISACA CISM Certified Information Security Manager, Microsoft Certified Systems Engineer: Security, SCCP, CISSP, ISSAP, CRISC

• Extensive experience in enterprise security architecture design and implementation.
• Proven experience in developing and implementing written security policies.
• Experience designing and delivering employee security awareness training.
• Experience developing Business Continuity Plans and Disaster Recovery Plans.
• Experience conducting and assessing internal penetration tests.
• Experience evaluating, implementing, and effectively leveraging SIEM tools.
• Broad hands-on knowledge of networking hardware, firewalls, intrusion detection systems, DLP, anti-virus software, data encryption and other industry-standard techniques and practices.
• Working technical knowledge ofEnterprise Networking Hardware

Enterprise Endpoint Detection and Response Tools
Zero Trust solutions
Security Information and Events Management Tools
Wi-Fi security concepts
Microsoft 365 security concepts
Microsoft Windows Server and Desktop OS
Azure and Active Directory security concepts
Remote access technologies
MDM tools

• Strong understanding of IP, TCP/IP, and other network administration protocols with the ability to analyze network packet captures.
• Experience with security hardening guides & tools.
• Strong knowledge of various information security and risk control frameworks, especially PCI DSS.
• Knowledge of applicable practices and laws relating to data privacy and protection.
• Ability to conduct research into security issues and products and pursue appropriate learning opportunities.
• Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and provide timely and accurate decisions.
• Ability to balance multiple priorities to effectively prioritize and execute tasks in a high-pressure environment
• Highly self-motivated and directed. Requiring minimal daily supervision.
• Able to work in a team-oriented, collaborative environment.
• Strong planning and strategic management skills
• Strong organizational skills with attention to detail.
• Effective verbal, written and interpersonal communication skills.
• Ability to educate a non-technical audience about various security measures in business-friendly and user-friendly language.

Job Type: Full-time

Pay: $140,000.00 - $150,000.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible schedule
• Flexible spending account
• Health insurance
• Life insurance
• Paid time off
• Parental leave
• Referral program
• Tuition reimbursement
• Vision insurance

Schedule:

• 8 hour shift
• Monday to Friday

Supplemental pay types:

• Bonus pay

Ability to commute/relocate:

• Worcester, MA 01606: Reliably commute or planning to relocate before starting work (Required)

Experience:

• Information security: 6 years (Required)

License/Certification:

• CISSP (Required)
• Certified Information Systems Auditor (Preferred)

Work Location: One location

dutch-tavern.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, dutch-tavern.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, dutch-tavern.com is the ideal place to find your next job.