[Owasp-orlando] Job Recruitment

Tony Turner tony.turner at owasp.org
Tue Feb 12 20:01:50 UTC 2013


My employer (Darden) has asked that I communicate this current opening to
my security contacts in the area. I don't have an issue with this type of
communication on the list but would ask that this be limited to openings
with your employers. Recruiters are not welcome to spam the list with job
postings. Let's keep this to a strong SNR. The position below also brings
with it a 5% bonus paid in August. If you are interested please email me
offlist.


  *Title *

Security Compliance Analyst, IT

*Job Function *

IT

*Job Description *

The IT Security Compliance Analyst works in support of IT Security
compliance requirements and company risk tolerance. He/she ensures that
adequate and effective security processes and controls are followed and
aligned to deliver compliance with security policy and regulatory
requirements. The IT Security Compliance Analyst serves as a key point of
contact and technical expert supporting the security compliance program,
establishing appropriate assessments, managing and tracking risk mitigation
and remediation activities, and communicating compliance program results to
Senior Management. The IT Security Compliance Analyst works across the
enterprise with individuals in multiple organizational units, bringing them
together to manifest controls that reflect workable compromises as well as
proactive responses to issues. Additionally, the IT Security Compliance
Analyst supports the development and implementation of a company-wide
security awareness and education program.

ROLES AND RESPONSIBILITIES:
-Acts as a central point of contact and technical expert for IT security
compliance processes, collaborating across the enterprise with multiple
business partners
-Performs the performance of periodic risk assessments that identify
current and future internal and external information security
vulnerabilities, provides necessary information to derive decisions about
risk acceptance and risk mitigation, and identifies strategies to reduce
information security risks
-Coordinates and directs the development, management approval,
implementation, and communication of objectives, goals, policies,
standards, guidelines, and other requirement statements needed to support
information security compliance across the enterprise
-Communicates across the enterprise by developing and disseminating action
plans, schedules, status reports and other communications related to
information security, including communications intended to track and
improve the status of information security issues (e.g., security
vulnerabilities, risk-mitigating initiatives, policy compliance status,
regulatory compliance status)
-Supports the Darden security compliance program, ensuring the
identification, tracking, prioritization, and remediation of all external
compliance requirements; also supports Internal Audit activities and
remediation requirements
-Ensures adequate and effective IT controls exist to meet current and
future security compliance requirements found in local, state, and federal
laws and regulations (e.g., SSAE 16 SOC I & II, Payment Card Industry
Security Standards, HIPAA)
-Supports and updates a centralized repository of security controls aligned
with corporate and regulatory requirements
-Coordinates selected tests of information security measures, including
targeted penetration attacks and other configurable and administrative
controls reviews
-Designs and engineers internal information handling processes so that
information is appropriately protected from a wide variety of problems
including unauthorized disclosure, unauthorized use, inappropriate
modification, premature deletion, and unavailability
-Serves as an active member of incident response teams and participates in
security incident response efforts by having an in-depth knowledge of
common security exploits, vulnerabilities and countermeasures; acts as a
technical consultant on information security incident investigations and
forensic technical analyses
-Acts as a liaison and decision-maker regarding the work of information
security consultants, contractors, temporaries, and outsourcing firms
-Supports the communication and actions supporting the Data Privacy Task
Force
-Act as member of the Darden CERT Team (Computer Emergency Response Team)
-Manages special projects related to information security that may be
needed to appropriately respond to ad-hoc or unexpected information
security compliance events
-Coordinates the information security compliance efforts of all internal
and outsourced functions that have one or more information security-related
responsibilities, to ensure that organization-wide information security
compliance efforts are consistent
-Understands the fundamental business activities performed by the company, and
based on this understanding, suggests appropriate information security
solutions that adequately protect these activities
-Assists with the implementation of company-wide security awareness and
education programs that are aligned with security policy, standards,
regulatory requirements, and industry practices
-Work with other departments and vendors to oversee Darden Data Security
requirements are incorporated into the rollout of new systems

REQUIRED TECHNICAL SKILLS:
-Minimum of 3+ years of experience in an IT role focusing on information
security.
-Previous experience in handling and resolving incidents of IT security
breaches

REQUIRED EDUCATION:
Bachelor's degree in Computer Science, Electrical Engineering, Information
Technology, or a relevant field

OTHER KEY QUALIFICATIONS:
-Ability to develop, draft, and communicate policies and procedures related
to information security
-Ability to develop and facilitate training related to information security
-Ability to establish and maintain strong working relationships with
business partners across the enterprise
-Excellent relationship-building skills and cultural awareness, along with
the ability to work effectively in a matrixed environment
-Capable of delivering results through a position of influence
-Ability to maintain industry relationships and look to all sources
available to develop the best technology strategies
-Ability to multi-task in a fast-paced environment



-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando