Information Systems Security Manager (ISSM) @ Syntech

Syntech is seeking an Information Systems Security Manager (ISSM) who will be responsible for Syntech’s overall cybersecurity posture.

ESSENTIAL FUNCTIONS:

  • Serves as the principal advisor to information system owners and process owners.
  • Analyzes the enterprise and implements a mature governance, risk, and compliance (GRC) program within the organization.
  • Maintains knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  • Oversees and approves Syntech’s Information Security Program, ensuring an appropriate level of protection.
  • Identifies protection goals, objectives, and metrics consistent with Syntech’s strategic plan.
  • Ensures appropriate procedures are in place for Information Resources; monitors, evaluates, and reports to Senior Management.
  • Assists with compliance reviews and other reporting requirements.
  • Monitors and evaluates the status of Syntech’s PCI DSS posture by performing annual compliance reviews of the PCI DSS Information Security Policy and system controls:
    • Review of security plans, risk assessments, and security testing processes; coordination of PCI security audit tasks; and coordination with PCI Accredited Security Auditors and others as required.
  • Provides security-related guidance and technical assistance to all operating units.
  • Responsible for incident response, monitoring and analyzing security alerts, and distributing information to information system and business management.
  • Keeps security staff and management updated on all security-related issues.
  • Maintains liaison efforts with external organizations on security-related issues.
  • Identifies resource requirements needed to manage the Information Security Program.
  • Performs reviews to ensure personnel are following security policies and operational procedures:
    • Firewall rule-set reviews;
    • Applying configuration standards to new systems;
    • Responding to security alerts; and
    • Change management processes.
  • Maintains documentation of the quarterly review process, to include:
    • Documenting results of the reviews; and
    • Review and sign-off of results by personnel assigned responsibility for the PCI DSS compliance program.

REQUIREMENTS:

  • BS in Management Information Systems, Information Technology, Computer Science or other related discipline; will consider relevant years’ experience in lieu of degree.
  • 3 years’ experience in an Information Security type role.
  • Experience with NIST, PCI DSS, and SOC 2 compliance frameworks.
  • Solid experience creating policies that reflect system security objectives.
  • Thorough understanding and working knowledge of the following:
    • Disaster Recovery;
    • Intrusion detection methodologies and techniques for detecting host and network-based intrusions;
    • Controls related to the use, processing, storage, and transmission of data;
    • Encryption algorithms;
    • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth);
    • Measures or indicators of system performance and availability;
    • Applicable laws, statutes, and/or administrative/criminal legal guidelines and procedures;
    • Laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures;
    • Network traffic analysis methods;
    • Network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools;
    • Server and client operating systems;
    • Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures;
    • New and emerging information technology (IT) and cybersecurity technologies;
    • Current and emerging threats/threat vectors;
    • Vulnerability information dissemination sources;
    • Network attack and its relationship to both threats and vulnerabilities;
    • Penetration testing principles, tools, and techniques.
