Develop Security Governance Framework & Roadmap
- Lead creation of security policies and procedures based upon NIST standards
- Manage the risk posture of the operating environment through executing risk assessments and managing the risks via risk response plans
- Develop milestones for remediation of risks and manage risk mitigation through incorporating lessons learnt and alignment with internal controls
- Ensure that the security program aligns with the corporate and regulatory governance objectives
Implement System Security Standards & Training
- Monitor and support the implementation of the information security strategy and related projects
- Determine baseline security configuration standards for operating systems, network segmentation, and identity/access management
- Develop standards for data protection safeguards, including encryption and tokenization
- Develop security rulesets for network devices, including firewalls
- Develop and facilitate delivery of the end-user awareness training and awareness program
Management of Information Risks
- Allocate security management responsibilities and accountability mechanisms to designated functions
- Conduct security assessments of internal systems against leading practices and industry standards
- Conduct vulnerability assessments of systems
- Document sensitive data flows and determine level of required security
- Facilitate investigation of security incidents and violations of Information Security Policies and Standards
- Document and communicate security breach response plan
- Review security and infrastructure events and logs for indicators of compromise or abnormalities
- Inventory and maintain proper documentation for all systems, infrastructure and applications for logging
- Advise on continuous improvement of enterprise security solutions
- Provide security advice for application and infrastructure projects and the development and selection of security safeguards
- Review and track changes in threat environment and incorporate reasonable controls into security strategy plans
- Evaluate contracts and statements of work to ensure adequate security protections are included pursuant to the risks relating to the services offered
- Conduct security assessments of third-parties and managed services providers
B.S. Degree in Computer Science or related field or equivalent work experience in the information security field
Security certifications such as CISSP, GIAC, Security+
3-5 years’ experience in a security support role
- Strong, in-depth technical knowledge of information security frameworks, leading practices and industry standards, and information security safeguards, with emphasis on anti-virus, DLP, NAC or MDM.
- Ability to drive the design and implementation of information security capabilities and to integrate those practices with operations.
- Self-motivated, with the ability to work in a fast-paced environment.
- Discipline to follow established methodology while seeking ways to improve processes.
- Strong, effective phone and email communication skills.
To apply for this job please visit www.mgpingredients.com.