Specialist, Information Security Compliance

What You’ll be Doing: 

• Develop, implement, and monitor a strategic, comprehensive enterprise information security compliance program. 

• Ensure that our IT infrastructure is in line with industry standards and compliance regulations. 

• Work closely with IT and business stakeholders to understand their needs and ensure that compliance requirements are met without hindering business operations. 

• Conduct regular audits and risk assessments to identify vulnerabilities and non-compliance issues. 

• Coordinate with external auditors and consultants to conduct external security audits. 

• Prepare and document standard operating procedures and protocols. 

• Design and implement educational programs to improve the understanding of related laws and regulatory requirements across the organization. 

• Respond to security breaches and identify the root cause to prevent future incidents. 

• Stay current with the latest security technology and practices, as well as compliance regulations and standards. 

• Serves as primary driver to identify securable resources and mentor/assist business staff in selecting appropriate resource owners. 

• Works with resource owners in business organizations to determine appropriate security policies for securable resources. 

• Consults with IT technical services staff to evaluate, select, install and configure hardware and software systems that provide appropriate security functions. 

• Mentors, leads or assists resource owners and IT staff in understanding and responding to security audit failures reported by internal and external auditing departments. 

• Advises security administration staff on normal and exception processing of security authorization requests. 

• Determine appropriate level of documentation.  Documents security policies and maintains resource classification scheme.  May be required on occasion to present information on security status, project status and security training to audiences from management to field staff as appropriate. 

• Proactively protects the integrity, confidentiality and availability of information in the custody of or processed by the company by: responding in a timely manner to a loss or misuse of information assets; leading and participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors; communicating unresolved security exposures, misuse or noncompliance situations to management. 

• Consults with IT management to ensure selection and use of realistic enforcement mechanisms. 

• Oversees review of security policies and resource classification scheme; keeps management informed of project status. 

• Provides technical expertise and guides the administration of security tools that control and monitor information security, including: updating access control tables; setting up user logon ids and assigning/resetting passwords; designing computer system access reports to identify possible security violations. 

• Researches, defines, develops and maintains effective disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster.  Provides direction and in house consulting in these areas. 

• Researches, evaluates, designs, tests, recommends and plans implementation of new or improved information security software or devices. 

• Analyzes new software applications or tool implementations for implications to existing security software and devices. 

• Defines curriculum and trains information owners in the implementation of necessary computer security controls or new/upgraded security software and devices. 

• Develops and implements information security educational programs, conducting awareness seminars and workshops as appropriate. 

• Maintains technical reference library.  Develops technical information materials and workshops on these new areas for IT as appropriate. 

• This job profile is not meant to be all inclusive of the responsibilities of this position; may perform other duties as assigned or required.