---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Security System Administrator
Location: New York CIty, New York, United States
Type: Permanent F/T
Closing Date: 2008-05-10
Our client has a challenging opportunity for a Windows Information Security
Officer that will assume responsibility within Information Technology. This
position will perform a set of Information Security and risk responsibilities
to evaluate, author, monitor & report on several workstreams within the firm
alongside the Policy, Risk and Technical Security personnel. The incumbent will
mainly be responsible for assessing security vs. standards with regional and
global Windows teams to maintain a secure environment. Ensure Windows server,
O/S and application standard builds are implemented correctly. The incumbent
will coordinate and provide necessary information for compliance, legal, HR,
regulatory, IT or other business related investigations. This may include, but
is not limited to, e-mail, internet, intranet and IM searches, theft,
intellectual property, privacy, document searches and usage of company network
and resources.
· Assess risks, threats and vulnerabilities associated within
the architecture design, application, O/S and complex network infrastructure.
· Work to ensure the local and global security policies and
standards are and remain applied to the Windows server infrastructure. As such,
the ISO will undertake internal penetration tests etc., using tools such as
NESSUS, NMAP and the Symantec Enterprise Security Management system. Therefore,
experience in this arena or comparable enterprise level security tools is a
requirement.
· Provide Risk Analysis of the technical aspects of IT
applications and infrastructure to ensure adequate levels of security are
deployed. Work to identify any potential vulnerability both within an
application, impact on other applications and the infrastructure. Recommend
suitable countermeasures to mitigate such vulnerabilities.
· Ensure changes to boundary devices such as firewalls, are
configured and executed in a secure fashion highlighting any possible risks.
Work with Global IT Operations to ensure these changes are completed in line
with policy.
· Perform security testing and vulnerability analysis of new and
existing systems, working with the responsible teams to ensure vulnerabilities
are mitigated. This can include certification of servers before they move to
the production environment.
· Evaluate the impact on security of proposed new technologies
or changes to the Bank’s architecture and document configuration and
deployment standards and guidelines.
· Review Share and Directory permissions on WINTEL servers,
potentially reviewing and analysing group and individual permissions.
· Review reports generated by the security tools in place (ESM,
Nessus, etc.) and identify issues that require further investigation or warrant
other action.
· Manage information security projects in accordance with
established policies, guidelines and procedures.
· Identify security requirements, monitor, track security access
rights and system controls.
· Evaluate security infrastructure with monitoring components
for anomalous patterns and unknown behaviours.
· Assist in security awareness, technical audits and coordinate
business contingency tests.
· Identify security solutions, tools and monitor security trends
in the Financial industry.
· Liaise with vendors and evaluate their products/services in
line with the Bank’s requirements contrasting them with competitor’s
offerings.
· Review, analyze, and closure of open audit findings.
· Report the results of all of the above to management
appropriately.
JOB REQUIREMENTS
---------------------------------------------------
· Bachelor’s degree in Information Systems or related field
· Strong knowledge of Windows operating system with proven
skills and experience in Microsoft Information Security issues
· Technical Windows certifications
· Firewall configuration and monitoring experience (perform
firewall audits and rule reviews)
· Experience performing security audits and risk assessments in
IT
· CISSP preferred; GIAC and CCNE welcomed
· Prior experience with Symantec ESM and ITA
· Financial Services industry experience preferred
· Familiar with Compliance, Regulatory requirements and
Information Security standards
· Demonstrate four years of information security experience;
preferably within Investment Banking
· UNIX/LINUX exposure is desirable
· Demonstrate capability to assess, understand, communicate,
document and resolve information security issues
· Demonstrate aptitude for critical thinking and creative
solutions
CONTACT
---------------------------------------------------
ProStar Partners, Inc.
Leon Rofer
Managing Partner
leon@prostarpartners.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
