Responsible for managing security-related projects, applications, documentation, and monitoring. In addition, this position will review systems to verify complete and proper security configuration. This position also helps to manage and implement security technologies to ensure that compliance is met within the network and server infrastructure.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Monitoring, improving and implementing security projects in both the PCI and internal networks
- Continuous monitoring of the security of networks and systems to maintain Nexidia’s security posture
- Documentation and enforcement of policies and procedures.
- Planning and implementing new software deployments and processes
- Perform penetration and security testing
- Review switch, firewall, server, and application configurations
- Thorough understanding of information security principles and practices with demonstrated experience (log monitoring, IPS, and AV solutions)
- Perform comprehensive PCI-DSS assessments, IT audits, policy and procedure development.
- Maintain Awareness, Patching, and Vendor security assessment systems
- Develop reports that detail compliance and security gaps including risk severity level, systems impacted, business risk summary, and recommendations that remediate all findings.
ADDITIONAL DUTIES AND RESPONSIBILITIES
- Maintain and manage the security training process
- Work with auditors to provide documentation and evidence during audits
- Performs other duties as required
- Understands and adheres to Nexidia compliance standards as they appear in the Employee Handbook, Corporate Compliance Policies, Code of Conduct and Conflict of Interest Policy (as appropriate).
- Stays current with all pertinent federal and state regulations, laws, and policies as they presently exist and as they change or are modified.
KNOWLEDGE, SKILLS, AND ABILITIES
- Solid understanding of Microsoft Server Operating Systems, Active Directory, and group policy
- Solid understanding of system and network security
- Possess a good understanding of LAN / WAN technologies and protocols including TCP/IP & DNS
- Knowledge and experience with Server 2003, Server 2008, Server 2012, Server 2016
- Excellent knowledge of security best practices and compliance standards like PCI, ISO 27001, and HIPAA
- Excellent customer service, verbal and written communication skills
EDUCATION AND EXPERIENCE
- Bachelor's degree in computer science, information technology or related field or equivalent work experience with four (4) years of additional related, progressive work experience.
- Knowledge of and experience with PCI and ISO 27001: information security management systems and certification preferred.
- A minimum of two (2) years additional directly related technical experience is required.
- Basic understanding of information security.
- Basic knowledge of security principles.
- Knowledge of information technology terms, equipment, systems, functions and major vendors.
- Excellent oral and written communication skills, including presentation skills.
- CISSP, CISM, CRISC, CISA, SSCP or similar certification would be an advantage
- Must be a US Citizen
PHYSICAL DEMANDS / WORK ENVIRONMENT
Physical Demands: Working with computer hardware in the datacenter is required. This also includes racking, stacking, and cabling of servers plus network equipment.
Work environment: Professional office environment that is entrepreneurial, creative, innovative, team-oriented, inspiring, diverse and challenging with dedication to creating and developing cutting-edge business solutions for our customers. Working conditions are normal for an office environment; work may require occasional weekend and/or evening work.