Individual contributor providing the highest level of leadership in directing, evaluating, developing, implementing, communicating, operating, monitoring and maintaining information security technologies, security policies and procedures. Provides state-of-the-art technical expertise and support to in-house developers to apply appropriate information security procedures and products pertaining to Data Loss Prevention.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
- Provides technical expertise and support to clients, IT management and staff in risk assessments and in the implementation and operation of appropriate information security procedures and products in general, and Data Loss Prevention in particular.
- Designs, evaluates, tests and implements appropriate security methods and control techniques such as DLP, firewalls, intrusion detection software, data encryption, data backup and recovery.
- Maintains an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and data privacy.
- Identifies regulatory changes that will affect information security policy, standards and procedures and recommends appropriate changes.
- Acts as an expert technical resource to client and development management and staff in all phases of the development and implementation process.
- Develops and implements security standards, procedures and guidelines for multiple platforms and diverse systems environments (e.g., firm-wide, distributed, client server systems, and e-applications).
- Identifies emergent vulnerabilities and evaluates associated risks and threats.
- Develops communications and related campaigns for information security awareness among all staff.
- Reviews the development, testing and implementation of security plans, products and control techniques.
- Investigates and recommends appropriate corrective actions for information security incidents.
May perform additional duties as assigned.
Typically Director or above
Skills, Knowledge & Abilities
1. Excellent understanding of security policy construction and publication.
2. Excellent knowledge of regulations (e.g., SOX, privacy) and internal controls as they apply to IT.
3. Ability to influence change in corporate understanding and adoption of information security concepts.
4. Advanced analytical and problem-solving skills.
5. Excellent communication and interpersonal skills and the ability to work effectively with peers, IT management and staff, and internal/external business partners/clients.
6. Ability to manage various technical projects to completion.
7. Advanced computer skills including Microsoft Office suite and other business-related software systems. Other technologies will apply depending on the business area supported.
8. Insurance industry knowledge preferred.
Education & Experience
1. Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
2. Typically a minimum of eight years of technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination.