Summary Lead and manage an Information Security Program that protects organizational data, systems, networks, and end-points from both internal and external threats and business risks. Provide experienced and specialized technical and business knowledge in ongoing Information Security enhancement projects and the Information Security Program for the organization. Recommend, architect, budget, implement, and maintain information protection technologies including secure network architecture, firewalls, VPN’s, intrusion detection/prevention systems, authentication, authorization, and accountability systems, web filtering, and enterprise security management devices. Work with other IT Engineers, developers, architects, and leadership to determine acceptable level of risk for enterprise computing platforms. Key Responsibilities
· Plan, direct and execute on an Information Security Strategy to achieve long term IT and Security goals and objectives. Select and/or develop, implement and maintain a data and network security program that ensures corporate assets and data are protected from loss, tampering or theft, and that network access is provided only to authorized users.
· Through the use of server, network, and end-point, security technologies, enable a secure environment that supports the business applications used by Juice Plus+ and enable employees to utilize secure technology resources to efficiently perform their duties. Ensure security policies are up-to-date and a Security Awareness and training program for the organization is created and managed appropriately.
· Develop and maintain the expertise and business processes necessary for the information security group to resolve technical problems and perform upgrades, patches and enhancements in a timely manner with little disruption to operations.
· Provide a security consultative approach to both IT and business unit projects and initiatives and provide security assessments, secure architecture and design planning assistance and timely and successful project implementations.
· Staff the Information Security team with experienced and knowledgeable security skilled employees who can effectively and efficiently carry out the mission of the team and goals of IT and the organization.
· Develop a vendor and supply chain security management program that ensures both vendors and the supply chain risk is managed appropriately.
Requirements
Staffing. Define job specifications and recruit, hire and train skilled professionals to continually fill all positions within the Information Security team. Perform regular performance evaluations on employees within the group, and provide ongoing feedback on employee performance. Ensure appropriate skills assessment and training to develop staff in support of business requirements and goals.
Resource Planning. Prepare a resource assessment and plan that highlights the capacity to take on new corporate or business unit technology projects, ensures our ability to meet the obligations of the Information Security team through internal and external resources, and communicates the allocation of resources to projects for the upcoming period.
Budget and Regulatory/Compliance. Plan and develop a departmental budget in accordance with established guidelines, administer compliance to meet budgetary goals. Implement appropriate processes and procedures to ensure compliance with any regulatory or audit requirements. Support any sanctioned internal or external regulatory agencies/groups in the production, adherence to, reporting of or mitigation of any financial, compliance or regulatory issues.
Information Security Risk Advisory Council. Help create and build an Information Security Risk review team with the core objective of reviewing security risks to Juice Plus, but also advising the council of the overall security program and security posture of Juice Plus.
Data Security. Develop and maintain data and network security programs and select and implement security systems that ensure corporate sensitive data is protected from loss, tampering or theft.
Networking and Security Infrastructure. Recommend, design, implement, and maintain information protection technologies including firewalls, intrusion detection, intrusion prevention, MFA, content filtering, end-point, and enterprise security management.
Vulnerability Assessment. Perform and/or coordinate vulnerability assessments and penetration testing of all business systems and devices communicating on our internal and public networks. Ensure appropriate changes are made to correct vulnerabilities in a timely manner.
Systems Deployment/Service Support. Ensure the timely resolution of server, workstation, network, voice and data security-related problems that adversely impact operations, productivity or customer service.
Vendor Management. Design and recommend a vendor management program that outlines what types of security documentation, certification and/or other information, short and long term that will be required for a vendor to do business with Juice Plus. Ensure a review of contracts to highlight security/data requirements with third party vendors.
Management Reporting. Develop streamlined reporting that ensures that senior leadership is kept abreast of progress on corporate and business unit projects, major problems affecting customer service, and key statistics on reliability, service level performance, system security and resource utilization.
Skills
Demonstrated ability to work well with all levels of management, business customers and manage relationships within and outside of the organization.
Ability to expertly handle sensitive data, information and processes, and to contribute to complex or difficult customer and/or employee situations.
Outstanding customer service skills and attitude, and sound written and oral communications skills.
Ability to inspire employee confidence and to motivate employees to maximum performance.
· Demonstrated knowledge of complex information system architecture, computer system security principles, and knowledge of network security engineering policy. Experience in implementing security policy and applications on information networks. Also, specific application experience with virtual private networks, encryption technologies, and certificate/authentication systems. · Must be able available for business travel, project and emergency / afterhours assignments as required.
Minimum Job Requirements
College degree in computer science/technology or commensurate experience and MSCE, CCNA, CISSP, CEH, GSEC, CISM, or other certification(s) preferred, but not required.
Ten of more years of experience with security technologies and systems with particular emphasis on Microsoft enterprise technologies and Security Operations services.
Eight or more years of management experience and staff development.
Eight or more years learned and applied experience with the implementation, operation, and support of server, workstation, networking (wired and wireless), and security based technologies.
Willingness to work non-standard hours as needed
Must be able to work remotely including access to the internet
Physical Requirements
Ability to sit for extended periods of time.
Disclaimer This job description is only a summary of the typical functions of the job, not a comprehensive list of all possible job responsibilities, task and duties. Juice Plus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.
Description Knowledge of IT security management processes including, but not limited to, the following: risk management, security planning, IT security control implementation, testing, and logical access controls
