
[SJ-JOB] Compliance Officer, London, GB

Subject: [SJ-JOB] Compliance Officer, London, GB
Date: 22 Feb 2005 23:37:58 -0000

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Compliance Officer
Location:       London, , GB
Type:           Permanent F/T
Closing Date:   03/24/2005

Job Description 
The Information Security Compliance Officer (ISCO) is responsible for assessing 
the Firm's internal IT infrastructures, applications and services to 
ensure that they are compliant with global Baseline Information Security 
Standards. 

In addition to reviewing the IT infrastructure components for compliance with 
the Firm's standards, the ISCO will be responsible for performing 
compliance testing of mission-critical web applications in order to comply with 
privacy acts and HIPAA regulations. The ISCO will also conduct compliance 
reviews for legacy applications after they have been subjected to a detailed 
security risk analysis. 

The role necessitates an ability to communicate effectively and influence IT 
leadership, staff and other stakeholders, firm-wide, to implement security 
recommendations. The ISCO will also engage with the business on a range of 
information security areas including security policies and standards, security 
awareness and formal compliance audits. 

This role requires the ability to establish and develop effective, trusting 
relationships with internal customers, together with a proven knowledge of 
methods to assess information security within a large organisation. 

 
 
Responsibilities 
Conducting security audits of the Firm's IT infrastructure, applications 
and services, with the territory (or territories), to evaluate compliance with 
the Firm's IT security policies and standards. 
Reporting findings in a clear, structured format and communicating the results 
effectively to the relevant stakeholders. 
Developing and maintaining good working relationships with relevant 
stakeholders and promoting the IT Security Group to both business and IT 
groups. 
Providing support to the Regional CISOs for the provision of security 
compliance assessments, both in the forward planning as well as post-assessment 
knowledge harvesting. 
Promoting and raising awareness about the IT Security group and its role and 
objectives to business and IT leadership where appropriate. 
Responding effectively and efficiently to enquiries regarding general 
information security and information risk management issues where appropriate. 
Acting as the IT Security Group focal point for all information security 
queries for nominated groups of territories within the region. 
Provide advice on the risk and security implications of technology projects 
where appropriate within the context of any compliance undertaking, to ensure 
that systems of whatever nature are implemented with appropriate approved 
security controls commensurate with the business risk. 
Providing reports to Regional CISO and Global CISO as required. 

 
 
Requirements 
At least two years audit and compliance review experience in infrastructure 
components including network, operating systems and physical security controls 
as well as application reviews. 
Strong technical background in the area of network security controls including 
firewall and router security configuration controls, and at least two years 
experience with operating system security for any of the following 
platforms: Mainframe, Windows NT/2000/2003, UNIX, Netware, Middleware and 
Oracle/SQL databases. 
Conversant with ISO 17799 information security standard. 
Knowledge of any of the following review tools: WebInspect, ISS, CyberCop, 
Nessus, PhoneSweep, CIS Benchmark, Appdetective 
Knowledge of application security packages within Oracle, SAP and/or PeopleSoft 
is desirable.
Essential Certification: 

CISSP qualified. 
Additional, Desirable Certification:

CISA Certified Information Systems Auditor (ISACA). 
CISM Certified Information Security Manager (ISACA). 
CCNE Cisco Certified Network Engineer
 
 
The Individual 
Excellent written communication skills to provide detailed reports to our 
customers as well as verbal communication during meetings. 
Strong analytical skills in order to resolve complex security vulnerabilities and 
develop compensating controls. 
Strong personal discipline and effective time management. 
Excellent project management skills in order to manage multiple security 
assessments and changing priorities, simultaneously.  
Personal Circumstances 
This role might entail 50% travel. 
 
 



JOB REQUIREMENTS
---------------------------------------------------



CONTACT
---------------------------------------------------


Dan Hathaway
Mr
Tardis
dan.hathaway@tardis-group.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for 
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs

