Job Purpose:
Responsible for the development and delivery of a comprehensive information security program for ISYS Group. The scope of this program is wide and includes information in electronic, print and other formats. The purposes of this program include: (1) assure that information created, acquired or maintained by ISYS and its authorized users is used in accordance with its intended purpose; (2) protect ISYS information and its infrastructure from external or internal threats; and (3) assure that ISYS complies with statutory and regulatory requirements regarding information access, security and privacy.
- Serve as the Information Security subject matter expert for the company.
- Develop and maintain effective Information Security Policies, Procedures, and Standards.
- Define, create and maintain the documentation for certification and accreditation of each information system in accordance with regulatory requirements (PCI, ISO … etc.).
- Maintain the Security Awareness Program.
- Responsible for Incident management – reporting and process.
- Work closely with Information Technology professionals responsible for user security and access controls to review levels of access.
- Maintain strong understanding of technology used to support Information Security initiatives (network/system scanners, Firewalls, Internet/Email Filtering, Encryption, Anti-malware, Network Access Control, and Identity Management … etc.).
- Review systems in order to identify potential security weaknesses, recommend improvements to mitigate vulnerabilities, implement changes and document upgrades.
- Applicant must exercise strict confidentiality in daily operations.
- Bachelor’s Degree from an accredited institution in Information Security, computer science or a closely related field.
- Three (3) or more years of Information Security experience.
- Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) or the ability to gain a certification within 6 months of hire.
- Because of the constantly developing nature of information systems and cyber attacks, the applicant must be committed to continuous learning and system development.
- Knowledge of Financial Services industry.