Job-Description-Templates.Com

 

 

Security Engineer - Information Technology Job Description

 

 

 

Job Summary:

The Security Engineer - Information Technology will be responsible for establishing and maintaining a corporate-wide information risk management program to ensure that information assets are adequately protected. He/She will act as an advisor to the enterprise's business units (Stores, Finance, HR, Legal, and Sourcing). For this reason, an up-to-date understanding of the latest security threats, trends, and technologies is critical. 

Job Description:

The Security Engineer - Information Technology will perform all or some of the following duties:

  • Develop strategies and plans to achieve security requirements and address identified risks

  • Perform control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action

  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the IT leadership with a realistic overview of risks and threats in the enterprise environment

  • Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department

  • Assist in the development of security architecture and security policies, principles and standards

  • Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments

  • Assist with the resolution of negative audit findings reported by internal or external auditors

  • Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff

  • Manage production issues and incidents, and participate in problem and change management forums

  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation

  • Serve as an active and consistent participant in the information security governance process

  • Work with IT leadership and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program

  • Provide support and guidance for legal and regulatory compliance efforts, including audit support

  • Play an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned

  • Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies

  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools

  • Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements

  • Develop a strong working relationship with the corporate and brand infrastructure teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements

  • Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment

  • Coordinate, measure, and report on the technical aspects of security management

  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements

  • Manage and coordinate operational components of incident management, including detection, response and reporting

  • Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations

  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk

  • Manage security projects and provide expert guidance on security matters for other IT projects

  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements

  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks

  • Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans. 

Minimum Requirements / Knowledge / Skill For Security Engineer - Information Technology Job

  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
  • Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
  • In-depth knowledge of risk assessment methods and technologies
  • Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements
  • Excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and AIX UNIX) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance and desktop security tools
  • Experience in developing, documenting and maintaining security policies, processes, procedures and standards
  • Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts
  • Experience in application technology security testing (white box, black box and code review)
  • Experience in system technology security testing (vulnerability scanning and penetration testing)
  • PCI, SOX, C-TPAT experience preferred
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls
  • Ability to interact with personnel at all levels and across all business units/organizations, and to understand business imperatives
  • Strong leadership abilities, with the capability to develop and guide IT team members and to work with only minimal supervision
  • Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff
  • Strong written and verbal communication skills
  • Strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships
  • Ability to prioritize work efforts, balancing operational tasks with longer-term strategic security efforts
  • Ability to work with external vendors to ensure that service levels and vendor obligations are met
  • Detailed knowledge of the retail industry a plus
  • Five years of IT or network security experience

Minimum Education Requirements / Certification / Licensure For Security Engineer - Information Technology Job

  • Bachelor's degree in information systems, or equivalent work experience
  • CISSP Certification is preferred.  
     


 

 


               

               

               

 

 


Copyright © 2012 Job-Description-Templates.Com. All rights reserved.
