POSITION TITLE: IT Security Administrator

DEPARTMENT: Information Technology

REPORTS TO: Director of IT and Security

PURPOSE OF POSITION

Under the supervision of the Director of IT and Security, the IT Security Administrator, oversees network and application security and access for the Information Technology department.

The IT Security Administrator is a hands-on role that requires a high level of technical expertise. The person in this position is responsible for a broad range of tasks, including the day-to-day administration of cybersecurity tools and devices, as well as first-level and second-level support for security information and event management. This role also includes significant responsibilities for the security administration of a wide variety of IT systems across the enterprise

Responsibilities include recommending new and modifications to existing department and company policies and procedures concerning HIPAA, PCI, and Cyber Security compliance; conducting audits and monitoring adherence to security policies and procedures - escalating and addressing violations immediately; monitoring and ensuring department physical security measures are followed by internal and external entities; monitoring system back-ups; and organizing tests of the IT Business Continuity Plan to be prepared for catastrophic disasters within the computing environment.

ESSENTIAL DUTIES & RESPONSIBILITIES

• Maintains network security for user accounts and system access for email and file shares
• Maintains application user accounts and access to applications within all business systems
• Performs various security audits of the network to help ensure HIPAA, PCI and other Cyber Security related compliances
• Independently organizes and manages time to administer projects
• Resolves issues and communicates the root cause and resolution to Director of IT and Security, and corporate management
• Establishes, updates, and monitors IT and organizational level security policies and procedures
• Translates business requirements into specific system, application, or process designs
• Monitors department's physical access while ensuring adherence to established policies and procedures
• Helps establish and maintain the IT Business Continuity Plan (BCP) to ensure the restoration of data, network, and communications resources. Ensures timely updates are applied to the BCP components
• Provides project status reporting in both verbal and written format as required
• Provides timely problem resolution progress updates to end users and management until full resolution has occurred, escalates issues on a timely basis, follows IT problem escalation procedure
• Creates and provides necessary security training
• Performs research and documents/presents findings of products, software, or theories requested
• Continuously reviews work order system for assignments and user problems, makes assignments, responds on a timely basis, records status accordingly
• Utilizes the IT Security Request process for receiving and completing security access requests
• Ensures appropriate authorization is received and documented prior to providing access to corporate systems and information
• Ensures that company-approved methods and procedures are used for efficient and prompt handling of all change management. Participates in reviews of proposed changes, change control processes, change implementations, and post-implementation reviews
• Manages and participates in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects
• Plays an active role in creation of Risk Assessments and Risk Mediation
• Works with departments, vendors, and agencies to meet regulatory and compliance criteria for the company
• Reports, as needed, on Risks, Compliance, and Disaster Recovery to the Director of IT and Security, as well as members of management

*These tasks do not meet the Americans With Disabilities Act definition of essential job functions and are usually less than 5% of time spent. However, these tasks still constitute important performance aspects of the job.

PERIODIC DUTIES

• Provide support to all the departments of WCI, and RiverStreet companies.
• Provide monthly and yearly reports.
• Work with other departments to provide service and support.
• Perform Business Impact Analysis
• Create/Maintain Business Continuity Plan (BCP), Disaster Recovery Plan, Incident Response Plan for the company
• Conduct Access Control Reviews
• Monitor Employee HIPAA and Cyber Security Training
• Perform NIST and HIPAA based risk assessments - NIST 800-53 rev 5 and remediate identified gaps
• Review CAPS/POAMS and vulnerability scanner findings and assist with remediation
• Review security exception requests and Privacy Threshold Analysis
• Participate in system reviews/audits while administering security policies, activities, and standards in accordance with Federal, State and Departmental regulations and policies
• After hours work may be assigned on occasion due to maintenance or installation to systems.
• Some overnight travel as deemed necessary by supervisor.
• Performs other duties as deemed necessary by supervisor.

EQUIPMENT OPERATED

• Computers, Servers, Printers and Network Switches
• Routers, Firewalls and Access Points
• Office Equipment, Telephones, Voicemail and Email
• Access Control Systems, Security Cameras

EDUCATION AND EXPERIENCE

Required

• Bachelor's Degree in Information Technology, IT Security, or related degree
• A minimum of 4 years of experience working with IT Security and Controls
• Advanced understanding of IT infrastructure, operating system platforms, and security-related concepts
• Good understanding of IT Security frameworks (e.g. NIST 800-53, NIST CSF, COBIT, ISO 27001)
• Must be intelligent, articulate, and influential to effectively translate and communicate written and verbal technical concepts

Preferred:

• Knowledge of IT operations, Information Security operations, Identify and Access controls, and Change Management controls across multiple platforms.
• Working knowledge of SOX, SSAE18, PCI, HIPAA frameworks of controls
• Understanding of Risk Management process, FAIR Cyber Risk model

PHYSICAL REQUIREMENTS

• Periods of sitting at a workstation
• Lifting - up to 50 lbs
• Pushing/Pulling - Moderate
• Carrying - Moderate
• Stooping, Reaching, Bending, and Climbing
• Must be able to read computer screens

AUTHORITY

• Employee acts upon direct instruction without continuous supervision.
• Work is structured to allow an employee to proceed with duties, working within company policies and practices.

WORKING CONDITIONS

• Work is in, but not limited to, a controlled office environment

REPORTING

• Time Reports are required every two weeks.
• This is a non-exempt position.
• Status reporting of projects, cybersecurity compliance, and cyber risks.

OTHER REQUIREMENTS

• Follow company policies and procedures
• Maintain safe and clean working environment
• Safety Practices must be understood and observed

The work described above includes the overall function of the job, but is not considered a detailed description of each individual duty of the employee.

This organization reserves the right to revise or change job duties as the need arises. This job description does not constitute a written or implied contract of employment.

Job Type: Full-time

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Vision insurance

Experience level:

• 2 years

Shift:

• 8 hour shift

Weekly day range:

• Monday to Friday

Work setting:

• Office

Education:

• Bachelor's (Required)

Experience:

• IT Security and Controls: 4 years (Preferred)

Work Location: One location

dutch-tavern.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, dutch-tavern.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, dutch-tavern.com is the ideal place to find your next job.