Individual contributor provides a high level of leadership and expertise in the evaluation development implementation communication monitoring and maintenance of information technology security policies and procedures. Provides state-of-the-art technical expertise and support to in-house developers to apply appropriate information security procedures and products.
Essential Duties & Responsibilities
- Provides technical expertise and support to client IT management and staff in risk assessments implementation and operational aspects of appropriate information security procedures and products.
- Participates in the evaluation development and implementation of security standards procedures and guidelines for multiple platforms and diverse systems environments (e.g. firm-wide distributed client server systems and e-applications).
- Reviews the development testing and implementation of security plans products and control techniques. Also investigates and recommends appropriate corrective actions for information security incidents.
- Tests and implements appropriate security methods and control techniques such as firewalls data access rules tables intrusion detection software data encryption data backup and recovery.
- Performs access control and account administration of critical information resources.
- Acts as liaison to product groups and assists them in implementation of data privacy information security technologies and application security.
- Maintains an awareness of existing and proposed security standard setting groups state and federal legislation and regulations pertaining to information security.
- Identifies regulatory changes that will affect information security policy standards and procedures and recommends appropriate changes.
Typically Director or above
Skills Knowledge and Abilities
- Solid understanding of security policy construction and publication.
- In-depth knowledge of regulations (i.e. SOX privacy etc.) and internal controls as they apply to IT.
- Ability to influence change in corporate understanding and adoption of information security concepts.
- Proven solid analytical and problem solving skills.
- Excellent communications and interpersonal skills and the ability to work effectively with peers IT management and staff and internal/external business partners/clients.
- Ability to manage various technical projects to completion.
- Advanced computer skills including Microsoft Office suite and other business related software systems. Other technologies will apply dependent on business area supported.
- Preferred insurance industry knowledge.
Education and Experience
- Bachelor's degree in Computer Science or related discipline or equivalent work experience.
- Typically a minimum of seven years of technical experience in the security aspects of multiple platforms operating systems software communications and network protocols or an equivalent combination.