---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security Director
Location: Baltimore, Maryland, US
Type: Permanent F/T
Closing Date: 06/30/2005
This position directs, coordinates, plans, and organizes information technology
security activities. He or she acts as the focal point for all communications
related to information technology security, both with internal staff and third
parties. The Manager works with a wide variety of people from different
internal organizational units, bringing them together to manifest controls that
reflect workable compromise as well as proactive responses to current and
future information technology security risks.
Job Description:
·Develops and implements the controls needed to protect proprietary
information.
·Responsible for all information technology security regardless of the
form the information takes, the information-handling technology employed or the
people involved.
·Responsible for all security measures required to guard against threats
to information and information systems, but not limited to, information
unavailability, information corruption, unauthorized information destruction,
unauthorized information modification, unauthorized information usage and
unauthorized information disclosure. These threats to information and
information systems include consideration of physical security matters only if
a certain level of physical security is necessary to achieve a certain level of
information security.
·Acts as the primary point of contact for communications dealing with
information technology security problems, issues and concerns.
·Participates in annual budget development process.
·Establishes and maintains strong working relationships with the groups
involved with information security matters (Legal, Internal Audit, Physical
Security, etc.)
·Coordinates all multi-application or multi-system information security
improvement projects.
·Develops action plans, schedules, budgets, status reports, and other
top management communications intended to improve the status of information
security.
·Performs and/or oversees the performance of periodic risk assessments
that identify current and future security vulnerabilities, determines what
level of risk is acceptable to management, and identifies the best ways to
reduce information security risks to acceptable level.
·Coordinates and directs the development, management approval,
implementation, and promulgation of objectives, goals, policies, standards,
guidelines, and other requirements needed to support information technology
security as well as within business networks (i.e., extranets).
·Creates a strategic information security plan with a vision for the
future of information technology security that addresses management’s
fiduciary and legal responsibilities, customer expectations for secure modern
business practices and the competitive requirements of the marketplace.
·Coordinates internal staff in their efforts to determine technology
security obligations according to external requirements (i.e., contractual,
regulatory, legal, ethical, etc.)
·Prepares security and risk updates monthly to the CIO and quarterly to
the Technology Security Oversight Committee.
·Manages internal activities pertaining to the investigation,
correction, prosecution, and disciplinary action needed for the resolution of
information security breaches, violations, and incidents (whether actual or
alleged), including post-mortem analyses.
·Directs the preparation of information systems contingency plans and
managers worker groups (e.g., CERTs) that respond to information
security-relevant events (e.g., hacker intrusions, virus infections, denial of
service attacks, etc.).
·Manages through indirect authority and matrixed organization structures
·Manages business expectations and issue resolution.
·Maintains currency, accuracy, and relevance of information to which you
have access or for which you are responsible. This includes reporting known
errors or inconsistencies in the information.
·Diligently complies with and consistently enforces Information Security
and Confidentiality policies and procedures.
·Reports all violations or suspected violations of information security
policies to one’s manager, the IT Information Security Staff, Human
Resources or anonymously to the company through the whistle blower web site.
·Has input to decisions regarding hiring, firing, advancement, promotion
or any other change of status of direct and indirect reports.
·Creates and communicates performance reviews, goals and objectives as
well as training plans identifying skills gaps and closing them.
·Performs all other duties as assigned.
JOB REQUIREMENTS
---------------------------------------------------
·Bachelor’s degree or relevant experience required (concentration
in business or technology preferred)
·Masters degree preferred
·Minimum five years in Information Technology with 3 to 5 years in a
senior security role.
·Minimum three years of management experience.
·Completion or pursuit of computer Information Security Systems
Professional (CISSP).
·MCSE desirable.
·CCNA desirable.
·Experience with Active Directory and NT Domain administration.
·Broad knowledge of security products and utilities.
·Experience with implementing Checkpoint Firewall.
·Experience developing system and network Disaster Recovery plans.
·Ability to express complex technical concepts effectively, both
verbally and in writing
·Strong negotiation, facilitation and influencing skills
CONTACT
---------------------------------------------------
Derek Haseltine
Technical Recruiter
PPS Information Systems Staffing
DHaseltine@ppsinfo.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
