|Preferred GIAC Certifications||GCIH, GPEN, GWAPT or similar|
|Contact Name||Robin Karns|
The incumbent must stay abreast of emerging threats and hacker techniques to proactively ward off potential attacks. This person will assess and research current and future technologies, provide recommendations for improvement and ensure the implementation of technologies meet the business goals and secure architecture.
Please note that candidates need to be eligible to work in the U.S. without Grinnell Mutual sponsorship.
Job Duties and Responsibilities
-Promotes security awareness and continued support by enabling business processes to occur in a secure manner.
-Provides advanced architecture and engineering support to integrate security and compliance requirements into all enterprise information systems and projects as part of the SDLC process by working closely with various other company architects.
-Acts as a liaison for management and various IT departments on the delivery of security services within Grinnell Mutual.
-Creates and maintains standards surrounding documentation related to security processes, procedure and infrastructure.
-Assesses current applications and architecture to ensure current implementations align with industry guidelines, best practices and management approved standards.
-Develops plans for remediating any findings discovered in assessments and audits.
-Evaluates new products and technologies for security best practices and perform security threat and architecture reviews prior to purchase approval. Stays abreast of emerging issues and threats as well as technology to counter.
-Architects plans for implementing management’s directives in most secure manners with least disruption.
-Assists various IT departments with design, implementation and troubleshooting of security technologies.
-Performs web and network penetration tests to further ensure the implementation of technologies best matches management’s intent.
-Collaborates with peers in other areas of the company to continually improve upon security throughout the organization.
-Participates in the secure engineering process and works with enterprise security tools to manage the security risks posed to enterprise systems.
-Provides engineering support to integrate security and compliance requirements into all enterprise information systems and projects as part of the SDLC process by working closely with various IT areas.
-Performs all other duties as assigned.
Knowledge, Skills, and Abilities:
-Bachelor’s degree from an accredited college or university in Information Technology or Information Security, six years of dedicated information security experience, and seven years of information technology administration experience or equivalent combination of work and educational experiences. Advanced degree in relevant field of study such as Business Administration, Information Security, IT, or related field preferred.
-Intermediate to advanced knowledge of security technologies and concepts.
-Demonstrated experience installing and managing firewalls, web application firewalls, routers, switches and load balancers.
-Demonstrated experience with enterprise ready technologies at a global scale like Windows, Unix, Cisco, and Palo Alto.
-Advanced experience with big data, cloud, and major virtualization technologies.
-Experience with, and knowledge of, regulatory and industry frameworks and standards (i.e. 20 critical controls, CIS, PCI-DSS, ISO 27000, NIST 800, HIPPA, etc.).
-Proven knowledge of technologies (MCSE, MCSA, GCUX, GCWN, CCIE, CCNP, F5, etc.).
-Proven knowledge of security (CISSP, CISA, CISM, GPEN, GWAPT, GCIH, other GIAC certifications, OSCP, CEH, Check Point, PCNSE, etc.)
-Intermediate to advanced understanding of Web and network penetration tools and techniques.
-Demonstrated ability to analyze and solve problems. Must be able to measure risks and identify strategies based on a broad range of internal and external factors to make decisions resulting in the best business outcome.
-Possesses sound analytical and critical thinking skills. Security solutions may be complex in nature. Must have ability to think creatively and incorporate current technical solutions into outcome with end user in mind.
-Excellent verbal and written communication skills with the ability to formulate and communicate highly technical and complex security concepts to both technical and non-technical audiences in a clear and effective manner. Ensures understanding and builds relationships.
-Ability to work well independently or with teams.
-Proven ability to build, facilitate, and engage a community of contributors around Information Security.
-Proven ability to influence key stakeholders and decision makers.
-Guidewire experience preferred.
-Must demonstrate high level of confidentiality.
Responsibility & Decision Making Authority:
-Responsible for researching and incorporating technologies, policies and practices to maintain the security and integrity of Grinnell Mutual technologies.
-Must operate within budget.
-Responsibility can vary depending on security threat to organization.
Contacts (Internal, External)
-Occasionally works with representatives from all areas of the organization.
-Occasionally works with outside vendors and professional associations.
Working Conditions and Physical Efforts
-To perform this job successfully, an individual must be able to perform each job duty and responsibility satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform job duties and responsibilities.
-The position is physically located in the office with a work environment of a typical office setting; noise level is relatively quiet. The position requires an individual to sit for long periods of time, use repetitive motion, and possess visual acuity demanded by work with computer and other LCD screen devices.
This job description is not intended to describe, in detail, the multitude of tasks that may be assigned, but rather to give the employee a general sense of the responsibilities and expectations of his/her position. As the nature of the business demands change, so too may the job duties and responsibilities.