[mdlug] job in Midland
Dave Arbogast
mdlug3 at arb.net
Wed Jan 30 17:09:03 EST 2008
Anyone looking to work in Midland ? They asked me but I'm not moving.
-dave
Position: Information Security Specialist
Department: Data Services, Information Security
Reports to: VP Information Security, ISO
Position Overview:
Work with the ISO to research, design, develop, and implement information
security policies, plans, and other control techniques covering all
computing and telecommunications platforms. The individual in this position
is responsible for security monitoring, vulnerability analysis, and
assisting with security incident response and follow-up. Will perform risk
assessments to either confirm the adequacy of security controls or to
identify the improvements necessary to both ensure compliance with company
policies. Support Data Services in planning and implementing security
recovery actions. Effectively communicate to, and partner with appropriate
personnel to achieve security of company information systems.
Description:
. The Information Security Specialist will be responsible for ensuring
that security issues arising as part of the Banks day-to-day operations are
identified, reported to the ISO and technically resolved
. Monitors logs/reports from servers, mainframe, firewalls, intrusion
detection, network traffic, Email, Internet usage, access administration,
for unusual or suspicious activity/violations. Interprets activity,
recommends plans for resolution
. Promotes implementation of various security initiatives
. Monitors system compliance with corporate security standards
. Ensures that users understand and adhere to necessary procedures to
maintain security
. Assists and participates in technology based audits and risk
assessments
. Monitors industry trends and best practices relating to our products
and environment and recommends additional security products and tools, or
enhancements to existing tools to detect violations of network
security measures
. Monitors integrity and confidentiality of information residing in
corporate databases, workstations, servers, and other systems
. Assesses and communicates any and all security risks associated with
implementations to ISO
. Provide expertise and assistance performing Risk Assessments
. Researches better security standards and supports security policy
development
. Monitors public information sources for newly published security
vulnerabilities
. Performs audit review of security logs and user permissions through
system generated and manual reports
. Documents processes and procedures related to tasks performed
. Other duties as required
Requirements:
. Undergraduate degree or equivalent
. Strong grasp of information security concepts and methodologies, as
well as a practical understanding of security principles such as
authentication, authorization, access control, forensics, and protection
strategies
. 3 plus years of prior information technology experience with a
concentration of that experience in a technical and/or security related
capacity, or experience with business functions, systems, or in a
technical audit capacity
. Solid understanding of information security related risk,
regulatory, audit, and compliance requirements
. Policy development and implementation
. Experience with infrastructure monitoring/auditing tools such as
Bindview or Stealthbits
. Experience with Internet and Email monitoring tools such as Burstek
a plus
. Experience with LophtCrack or like tools
. Familiarity with Internet protocols, services, and languages
(TCP/IP, Telnet, FTP, HTML), MS-Windows (Win-NT, Win 2003, Win XP),
MS-Office, Citrix, SQL, Exchange 2003, AS400
. Excellent analytical and problem-solving skills
. Demonstrated ability to work well as a team and independently and,
exercise initiative to accomplish assigned responsibilities and
anticipate/solve problems with minimal supervision
. Strong oral and written communication skills including the ability
to interact and communicate with all levels of personnel in a professional
and tactful manner
. Prioritization, attention to detail, time management, and commitment
to quality and solution oriented service are required
. Must be able to pass a background check
. CISSP or other security certifications are a plus. Experience with
vulnerability assessment tools such as Qualys, is a plus
More information about the mdlug
mailing list