---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Information Assurance Analyst
Location: Mississauga, Ontario, CA
Type: Permanent F/T
Closing Date: 02/18/2005
INTERMEDIATE INFORMATION SECURITY SPECIALIST
Region: Central
Location: Corporate Office, Mississauga
Position Title: Intermediate Information Security Specialist
Purpose:
· Liaise with vendor and client staff on information security
controls
· Liaise with Technology Services Application Development and
Support Teams
· Perform information security compliance assessment on all
platforms and systems
· Implement and maintain information security solutions in
accordance with security standards and practices
· Perform ongoing compliance monitoring and assessment of network
environment
· Provide second and third level support for information security
solutions
Main Responsibilities:
· Provide information security-related consulting services to all
areas of the company.
· Work with Technology Services application development and
support teams to ensure compliance with security in application and systems
design, testing and implementation
· Test and evaluate security solutions, including hardware and
software components
· Complete formal information security reviews for critical
systems components and document findings and requirement
· Ensure that all solutions are implemented in accordance with
security standards
· Monitor for security vulnerabilities within information assets,
information processing systems and networking environment.
· Utilize available monitoring and reporting tools to ensure
complaince with established security standards
· Ensure regular review of audit logs and systems access lists
· Verify implementation of relevent security fixes related to
industry security alerts
· Escalate as required to senior information security team members
· Perform periodic inspections and testing of platforms for
potential intrusion and data compromise risks.
· Verify conformance with established policies, standards and
architectures
· Assist with investigations of information security incidents
and, as required, co-ordinate with other parties e.g. Corporate Security,
Audit, Human Resources
· Assit internal and external auditors with completion of their
financial and technology reviews, e.g. Section 5900s
· Develop and maintain DRP/BCP documentation, support and testing
capabilities for information security.
· Develop information security plans for technology and business
recovery support
· Review testing plans and results and implement improvements
· Ensure that information security DRP/BCP readiness is always
current and up-to-date
· Assist with installation and maintenance of hardware and
software security solutions within the information security architecture and
strategy.
· Co-ordintate, test and document standards, practices and
guidelines
· Prepare and present training to users
· Coordinate information security implementation for major
application rollouts.
· Conduct information gathering across all regions
· Work with clients and vendors to identify their security
requirements
· Develop information security support processes
· Incorporate client information security requirements
· Ensure that security administration and monitoring are
performed to established standards and, where applicable, to client standards
· Develop and maintain security administration standards and
practices across all computing and network platforms
· Oversee and support regional and technology staff with security
administration roles
· Liaise with client security staff to establish service deliver
requirements
· Direct administration over critical access points, e.g. remote
access (VPN, dial-up), encryption key management system (Crypto Hardware, PKI)
and key network access device points (firewalls)
· Develop and present information security awareness programs
· Provide second and third level support for information security
products and services.
· Support information security problems through to resolution
· Escalate issues that can not be resolved within acceptable time
frame
· Provide direction and guidance to other security specialists in
the design and implementation of security hardware and software solutions.
JOB REQUIREMENTS
---------------------------------------------------
Requirements - Experience:
· Good understanding of computing and networking platforms such
as IBM mainframes, Unix (AIX, Solaris), LAN servers and workstations (NT/2000,
OS/2, Novell, Win9x), Cisco routers, Oracle and DB/2 DBMS’s.
· Understanding of security and audit related standards and
guidelines, e.g. ISO17799, GASSP, Section 5900.
· Sound knowledge of standards Network Security tools, methods
and practices
· Extensive knowledge of the security environment across multiple
platforms (system, application, database and resource access validation methods
logging, monitoring and reporting facilities), both native system solutions
and add-on products.
· Good understanding of standard information security concepts
around risks and vulnerabilities (product weaknesses, process deficiencies,
denial of service attacks, viruses, etc.) and appropriate countermeasures.
· Excellent understanding of information security principles and
methods related to confidentiality, integrity, authentication, non-repudiation,
privacy and administration.
· In-depth knowledge of standard tools, solutions and utilities
for security administration (e.g. RACF, ACF2, Aelita, Norton Anti-virus,
Intrusion Detection Systems, Cisco PIX, VPN, MS Active Directory)
Requirements - Qualifications:
· University education in Computer Science or Engineering.
· Completion or progressing towards recognized certification in
information security or audit (CISSP, CISA, SSCP or equivalent designation).
· At least three years of information security and/or IT Auditing
experience.
· Good knowledge of security threats and demonstrated ability to
stay abreast of new developments and available solutions.
· Familiarity with security monitoring, reporting and auditing
tools across main computing and networking platforms.
· Good communication skills, including presentation of technical
issues in non-technical terms.
· Good analytical and organizational skills.
· Excellent problem solving and troubleshooting skills.
· Team player, self-motivated, able to work independently with
minimal supervision.
· Strong negotiation and relationship building skills.
CONTACT
---------------------------------------------------
To apply for this position please go to the following link:
http://www.symcor.com/careers.aspx?id=106
or submit Cover Letter and Resume to:
Sebanti Chadha
Human Resources -IT Recruiter
Symcor Inc.
schadha@symcor.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
