The Senior Engineer, Information Security (New York, NY) will support and help establish the cyber security program of Teach For America. This is a great opportunity for an individual that is currently in the cybersecurity space and wants to expand and collaborate with other members of IT combining their strong technical/operational background in Information Security while exploring best practice and governance.
Areas of Responsibility:
OPERATIONAL SUPPORT (25%)
- Coordinate, measure and report on the technical aspects of security management.
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Assist and guide in the development, testing and maintenance of disaster recovery and incident response plans.
- Respond to and, where appropriate, resolve or escalate reported security incidents.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issues and possible solutions.
- Assist as needed with the monitoring of internal control systems to ensure that appropriate information access levels and security clearances are maintained.
Strategic Support (25%)
- Collaborate in developing a security program and security projects that address identified risks and business security requirements.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing management with a realistic overview of risks and threats in the enterprise environment.
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
Security Liaison (25%)
- Assist in security communication, awareness and training for audiences, which may range from senior leaders to field staff.
- Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
- Manage production issues and incidents, and participate in problem and change management forums.
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Serve as an active and consistent participant in the information security governance process.
- Work with IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
Architecture/Engineering Support (25%)
- Consult with IT and other staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Develop a strong working relationship with the IT team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Educational Background:
Bachelor's degree in Information Systems, or equivalent work experience
CISSP or CISM certifications a plus
Skills/Experience:
Prior Experience
- 7+ years of IT Information Security experience
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Experience working with legal, audit and compliance staff.
SKILLS
- Demonstrated strength in:
- Leadership and the ability to work effectively with business managers, IT engineering and IT operations staff.
- Communication (verbal, written and interpersonal), and the ability to build and foster strong relationships at all levels
- Analyzing security requirements and relating them to appropriate security controls.
- A strong understanding of the business impact of security tools, technologies and policies.
- An excellent understanding of information security and risk concepts, protocols, industry best practices and strategies.
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
- Technical proficiency with security-related systems and applications, including proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Work Demands
- This position is located on-site in our New York national office.
Job Function:
Organization Info
Listing Stats
Post Date:
Dec 8 2017
Active Until:
Jan 7 2018
Hiring Organization:
Teach For America
industry:
Nonprofit