Job Information
Dickinson Financial Corporation IT Security & Risk Mgr II in Kansas City, Missouri
Summary:
The IT Security and Risk Manager works in the Information Technology Department and is primarily responsible for working with IT, business units, users, and vendors to ensure the confidentiality, integrity, and availability of data, systems, information, and associated assets according to the GLBA, FFIEC Handbook, and industry-accepted information security and data standards.
Principal Accountabilities:
Perform risk assessments and impact analyses to identify vulnerable areas within the company’s security program. The risk assessment process includes identifying threats and risks, identifying technical, logical, and operational controls that are in place to mitigate the threats, and analyzing and reporting the observations found during the risk assessment process. Manage risks identified through risk assessments with detailed action plans and agreed-upon timelines for mitigation.
Identify information security monitoring standards and define the correlating rules required from the Security Information and Event Management (SIEM) solution. Responsibilities could also include the writing and managing of the SIEM solution.
Coordinate all security reviews and tests including, but not limited to, firewall rule review, social engineering tests, penetration tests, and vulnerability assessments. Conduct regular compliance reviews and assessments outlined above.
Manage the information security tasks associated with the enterprise vendor management program. This includes coordinating vendor due diligence and vendor oversight, performing vendor security reviews, and managing vendor contracts.
Assist in defining security controls and security baselines for systems being implemented. Need to understand NIST control frameworks.
Inform and train staff members, both inside and outside the IT department, on their responsibilities concerning IT security as it relates to Company systems.
Assess need for security reconfigurations (minor or significant) and either execute them or coordinate the execution of them.
Assist in internal or external audits as necessary. This may include responding to audit requests, preparing audit documentation, or acting as liaison between IT and the audit entity.
Participate in the IT budget and expense management process. This may include preparing cost analyses for IT purchases, investigating IT expenses, identifying possible cost-saving opportunities, and assisting in all or part of the IT budgeting process.
Develop and maintain comprehensive security policies, procedures, and guidelines as necessary.
Remain informed on trends and issues in the security industry, including current and emerging technologies. Keep team managers apprised of findings.
Be highly knowledgeable of the Organization’s overall security policies, and recommend changes and enhancements.
Monitor and interpret regulatory changes and keep current with emerging security standards, alerts, and issues (FFIEC Security Handbook, ISO, etc.).
Other duties as assigned.
Regular attendance is required, working at the worksite during regular business hours and/or assigned hours.
Education/Experience:
Education – Minimum of 4 years of experience related specifically to IT Security. A B.S. degree in a computer-related field is also preferred.
Certifications – Requires any of the following entry-level security certifications: Security+, Network+ and/or GIAC Security Essentials.
CCNA, MCSE, CEH, CISSP, or CISA is preferred.
CBCP (Certified Business Continuity Professional), CTPRP (Certified Third-party Risk Professional) or CRVPM (Certified Regulatory Vendor Program Manager) would be beneficial.
Training - Continuing professional education will be provided to maintain a certification in good standing.
Specialized training will be provided as needed. Training will be dependent on infrastructure and business strategies.
Personal Attributes:
Must have ability to work independently and be able to manage multiple projects simultaneously.
Excellent analytical, mathematical, and creative problem-solving skills.
Excellent written and oral communication skills; able to communicate in terms suited to both technical and business associates.
Possess leadership skills and be self-motivated and self-directed.
Must be able to interact with DFC personnel at all levels and across all business units in a professional manner.
Must be able to interact with third party DFC relationships in a professional manner to build long-term relationships.
Physical Requirements:
The work environment is typical of a standard office setting. The position is sedentary, exerting 0 – 10 lbs. of force occasionally and/or a negligible amount of force frequently. It involves sitting most of the time but may also involve walking or standing for brief periods of time. Reaching may be required, involving extending arms in any direction. Office equipment, such as a computer and telephone, will be used, requiring the use of hands and fingers to manipulate a keyboard or keypad. Visual ability to read a computer screen or written documents is necessary. Speaking ability to express or exchange ideas, impart oral information to customers or to the public, or convey detailed or important spoken instructions is required. Hearing is necessary to receive detailed information through oral communication.
Equal Opportunity Employer/Disabled/Veterans
Academy Bank and Armed Forces Bank provide equal employment [and affirmative action] opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability. If you need an accommodation for any part of the employment process, please e-mail humanresources@dfckc.com.