Title:  IT Security Specialist (Analyst Admin)

Our History:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nation-wide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies, to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project based work.

Description

The Security Specialist is responsible for planning, implementing and maintaining the information security program. The information security program is designed to ensure the confidentiality, integrity, and availability of the information technology environment.

The Security Specialist’s role performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.

The position requires the ability to be proactive and work with cross-functional teams to achieve information security objectives. The incumbent must provide outstanding service to various stakeholder groups throughout the Company.

Responsibilities:

Core Areas of Focus

• Protects systems by defining access privileges, control structures, and resources.
• Recognizes problems by identifying abnormalities; reporting violations.
• Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
• Maintains current IT Security maturity through project(s) progress and initiatives.
• Coordinate security reviews and maintain security awareness programs to ensure that there is an appropriate awareness of information security and safe computing practices across the enterprise.
• Determines security violations and inefficiencies by conducting periodic audits.
• Track or manage updates to systems that implement improvements or maintain security controls.
• Keeps management and users informed by preparing performance reports; communicating system status.
• Track network security mechanisms (e.g. firewalls, VPNs, security monitoring) and work with management, developers, network engineers, architects and system administrators to select and integrate security tools into new and existing systems.
• Maintains quality service by following organization standards.
• Maintains technical knowledge by attending educational workshops; reviewing publications.
• Conduct research on current and emerging technologies, as well as security exploitation techniques.
• Perform vulnerability analysis, monitoring, intrusion detection/incident response, secure application and host design, security assessments and security consulting.

Policy Administration and Management

• Assist in development, implementation and administration of information security standards, policies, procedures and guidelines to ensure security policies and standards are up-to-date, reflective of security trends, best practice principles, and appropriate for anticipated threats.

Risk Management

• Develop and maintain information security risk assessments designed to evaluate inherent risks, controls, and residual risks. Effectively advocate within the business for security controls that mitigate unacceptable risks.
• Perform assessment of security controls and evaluate results relative to risk assessment.
• Lead cross-functional teams to analyze technical security controls to detect critical vulnerabilities and recommend safeguards.
• Work with auditors during scheduled and non-scheduled IT audits.
• Work closely with Company IT professionals responsible for user security and access controls to review privileged levels of access and changes to the technology environment for risk.

Security Architecture

• Assist to design and build network security mechanisms, process and technical improvements across the enterprise.
• Provide security architecture and design alternatives for third party access utilizing security risk assessment and analysis techniques.
• Consult with IT and other business functions and stakeholders on the design, implementation and operation of new and existing systems relative to security. 

Investigation

• Lead investigation of security incidents as required.
• Establish and participate in enterprise-wide computer security response team when significant network, Internet, or related security incidents occur.

Position Requirements

• B.S. in Computer Science/MIS/Telecommunications or related field.
• A minimum of 3-4 years IT information security related experience.
• Strong technical skills including the ability to lead/assist teams.
• Project management experience leading medium/complex projects.
• Budgeting, planning and organizational skills.
• Excellent communication/people skills.
• Knowledge of information security frameworks, capability-maturity models.
• Specialized security training or security certification such as NIST, CISSP, CISA, or CISM desirable.
• Ability to effectively prioritize and execute tasks in a transformation environment.