POSITION SUMMARY

The IT Security Administrator works closely with the IT Infrastructure and Operations, Application, IT Management as well as Enterprise Security Office to ensure that all systems are built, maintained and protected in accordance with industry best practice standards. They will assist with developing and implementing the desired end state of the Information Security and Risk Management programs. The IT Security Administrator has the responsibility to maintain information systems security access to prevent unauthorized access to, modification, and/or disclosure of information. The Information Security Administrator will provide information security technical operations, as well as assist in audit and other administrative control areas.

ESSENTIAL FUNCTIONS

Reasonable Accommodations Statement

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

Essential Functions

• Responsible for development and technical implementation of IT security programs, including incident management and response plans.
• Assist in the review, development, and documentation of IT security policies, processes, and practices.
• Responsible for implementation and development of technical controls for regulatory compliance programs such as Sarbanes-Oxley, PCI DSS, CMMC and others
• Works with IT Teams to grow and implement organizational on premise and cloud security standards.
• Assist in the design, implementation, and support of a diverse security infrastructure including Cloud, firewalls, IDS/IPS, endpoint security, vulnerability scanners, SIEM, and DLP
• Deploys and integrates system monitoring and detections for malicious activity for on premise and cloud environments with existing SIEM solution.
• Perform vulnerability scans, analyze results, document findings, and track corrective actions or remediation strategy for on premise and cloud-based systems and applications.
• Perform security audits, threat hunting, incident response exercises and other activities to improve security posture.
• Identify security incidents, provide supporting information to the appropriate Teams, and provide guidance through containment and remediation.
• Conduct activities to raise corporate awareness of cyber security policies, activities, and threat.
• Performs security reviews of on premise and cloud-based network and account configuration deployments to identify security gaps or vulnerabilities and recommend and prioritize remediation actions.
• Participates in on premise and cloud architecture reviews and management, as well as provides guidance on security best practices and recommendations.
• Research and recommend emerging security technologies and tools to address current and future threats
• Perform other duties not specified on this job description, as assigned.

POSITION QUALIFICATIONS

Competency Statement(s)

• Execution Discipline - Ability to make and meet commitments critical to the organization’s success, including routine administrative tasks.
• Personal leadership - Demonstrate personal leadership in all aspects of work, lead by example, and demonstrate strong personal accountability and ownership. Staying focused on the end game - and managing all dials to get to the desired outcomes.
• Business and Process Leadership - Understanding of business processes: a keen understanding of the sales process and associated metrics and measurement. A keen understanding of key telco processes (sales/service, ordering/service delivery, billing, customer support) and the ability to map processes and understand inter-linkages to each other and to the systems that support the processes.
• Project Coordination Skills - Must process strong organization, planning, analytical and problem solving skills.
• Accountability - Ability to plan, organize, measure and coordinate multiple tasks to deliver against a capital and operating expense budget.
• Communication Skills Written & Oral - Must have excellent oral and written communications skills. Able to succinctly describe status of business.
• Customer Focus - Take overall accountability for customer relationships. Ability to communicate with customers effectively, on a proactive basis, and manage the communication process.

MINIMUM QUALIFICATIONS

Bachelor’s degree in Computer Science, Information Technology, or related field. Equivalent education, experience, and training may be substituted for the degree requirement on a year-for-year basis plus four (4) years of experience managing and implementing enterprise systems/networks. Two (2) years of direct experience in an Information Security role including incident response activities.

Additional Requirements

• One of the following industry security certifications is required:
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or equivalent industry recognized Security Professional certification such as Global Information Assurance Certification (GIAC) required.
• Experience and knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Technical proficiency with security-related systems and applications, especially Cloud (AWS, Azure or GCP based technologies), Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data Loss Prevention, Active Directory, Identity and Access Management and Permissions Management desired.
• Experience in developing, documenting, and maintaining security policies and procedures.
• Ability to work well under minimal supervision.

Technical Skills:

• Proficient with the standard security tools such as
  • Nessus
  • Nikto
  • Nmap
  • MetaSploit
  • Nexpose
• In depth knowledge of Windows and Linux operating systems and internals
• Familiar with digital forensics tools and principles
• Proficient with firewalls such as Cisco, and Juniper
• Ability to produce clear, professional technical diagrams using Microsoft Visio, or equivalent
• Proficient with SIEM solutions, such as Rapid7
• Proficient with Intrusion Detection / Intrusion Prevention Systems (IDS/IPS)
• Proficient with file integrity monitoring tools
• Proficient with file Cloud security tools
• Proficient with Microsoft PKI and integrations with Network technologies

Computer/ Other Skills:

• Demonstrated proficiency working with the Microsoft Office suite, to include Word, Excel, PowerPoint, and Outlook.
• Strong Knowledge of Security Frameworks (ISO 27002, NIST 800-53, COBIT, HITRUST)
• Knowledge of security regulations and standards (HIPAA, HITECH, PCI, FISMA, CMMC, SOX etc.)

Other Requirements: The successful candidate will have excellent oral and written communications skills and experience in presenting technical issues to a wide variety of audiences. In addition, the candidate must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure