Syntech is seeking an Information System Security Manager (ISSM) who will be responsible for Syntech’s overall Cybersecurity posture.
ESSENTIAL FUNCTIONS:
- Serves as the principal advisor to information system owners and process owners.
- Analyzes the enterprise and implements a mature governance, risk, and compliance (GRC) program within the organization.
- Maintains knowledge of organization’s enterprise information technology (IT) goals and objectives.
- Oversees and approves Syntech’s Information Security Program, ensuring an appropriate level of protection.
- Identifies protection goals, objectives, and metrics consistent with Syntech’s strategic plan.
- Ensures appropriate procedures are in place for Information Resources; monitors, evaluates, and reports to Senior Management.
- Assists with compliance reviews and other reporting requirements.
- Monitors and evaluates the status of Syntech’s PCI DSS posture by performing annual compliance reviews of the PCI DSS Information Security Policy and system controls:
  - Review of security plans, risk assessments, and security testing processes; coordination of PCI security audit tasks and coordination with PCI Accredited Security Auditors and others as required.
- Provides security related guidance and technical assistance to all operating units.
- Responsible for incident response, monitoring and analyzing security alerts, and distributing information to information system and business management.
- Keeps security staff and management updated on all security related issues.
- Maintains liaison efforts with external organizations on security related issues.
- Identifies resource requirements needed to manage the Information Security Program.
- Performs reviews ensuring personnel are following security policies and operational procedures:
  - Firewall rule-set reviews;
  - Application of configuration standards to new systems;
  - Response to security alerts; and
  - Change management processes.
- Maintains documentation of the quarterly review process, to include:
  - Documenting results of the reviews; and
  - Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program.
REQUIREMENTS:
- BS in Management Information Systems, Information Technology, Computer Science or other related discipline; will consider relevant years’ experience in lieu of degree.
- 3 years’ experience in an Information Security role.
- Experience with NIST, PCI DSS, SOC 2 compliance frameworks.
- Solid experience creating policies that reflect system security objectives.
- Thorough understanding and working knowledge of the following:
  - Disaster recovery;
  - Intrusion detection methodologies and techniques for detecting host- and network-based intrusions;
  - Controls related to the use, processing, storage, and transmission of data;
  - Encryption algorithms;
  - Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth);
  - Measures or indicators of system performance and availability;
  - Applicable laws, statutes, and/or administrative/criminal legal guidelines and procedures;
  - Laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures;
  - Network traffic analysis methods;
  - Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools;
  - Server and client operating systems;
  - Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures;
  - New and emerging information technology (IT) and cybersecurity technologies;
  - Current and emerging threats/threat vectors;
  - Vulnerability information dissemination sources;
  - Network attacks and their relationship to both threats and vulnerabilities;
  - Penetration testing principles, tools, and techniques.