a. Design, analyze, and manage multiple security and/or access control models in a planned, conscious manner following a defined security lifecycle. Measure and report on the effectiveness of security controls to Enterprise Information Security (EIS) leadership, as well as to team members, IT leadership and IT staff. Work with leaders and business owners for recertification of access.
b. Serve as a senior representative of the security control structure; ensure key methodologies and concepts are applied and documentation is in place to satisfy corporate, department, and internal and external auditor review.
c. Interpret information security policies, standards, and other requirements as they relate to a specific internal information system, and assist with the implementation of these and other information security requirements. Build policies within the access tracking system.
d. Design and manage security infrastructure including servers, storage area networks (SAN), virtual environments, domain services, databases and applications. Provide timely updates, ensure optimal tuning performance, and ensure backups are regularly performed. Ensure routine maintenance on systems, databases, and security applications.
e. Secure email system: Work with the email teams to ensure identified sensitive email is passed encrypted. Ensure secure email is highly available, and work with multiple external customers, brokers and providers to create new direct connections (TLS). Work with technical teams to ensure customer authentication is seamless.
f. Resolve complex security issues such as bypassed controls, disrupting security measures and technology changes; provide a continual balance of applied security safeguards and business usability. Build security roles based on specific criteria and business functions.
g. Offer high-tier technical information security consulting services to distributed personnel who are responsible for one or more information security systems; these people include Network Administrators, Systems Administrators, Database Administrators and Application Developers.
h. Evaluate information system bug reports, security exploit reports, laws and regulations, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations, and, as needed, make recommendations to internal management and technical staff to take precautionary steps.
i. Serve as an active member of the Security Emergency Response Team (SERT) and participate in security incident response efforts. Respond to security incidents and advise on risk remediation plans; provide security reports to the Enterprise Information Security management team. Act as a business consultant on information security incident investigations and forensic technical analysis.
j. Design and engineer internal information handling processes so that information is appropriately protected from a wide variety of problems including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability. Oversee privileged access permissions and ensure access is authorized appropriately. Manage red flags to alert appropriately in case of a Segregation of Duty violation or a dangerous combination of access.
k. Maintain up-to-date, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. Research and recommend new emerging technologies, techniques and tools that will add value to the organization.
l. Ensure documentation is in place to satisfy corporate, department, and internal and external auditor review.
m. Other duties as assigned.