Hartalega

Executive - Business Information Security

Posted: 7 minutes ago

Job Description

OVERVIEW

  • Establishes system controls by developing a framework for controls and levels of access; recommending improvements.
  • Maintains access by providing information, resources, and technical support.
  • Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
  • Establishes computer and terminal physical security by developing standards, policies, and procedures; coordinating with facilities security; recommending improvements.
  • Safeguards computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommending improvements.
  • Develops security awareness by providing orientation, educational programs, and ongoing communication.
  • Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
  • Accomplishes information systems and organization mission by completing related results as needed.
  • Monitors compliance with defined internal control policies and procedures in relation to applicable regulatory and industry requirements to which the business must conform.
  • Coordinates the compliance reporting process for external customers.
  • Provides support to external customers for mandated compliance reporting using the PCI Data Security Standard (PCI DSS) Self-Assessment Questionnaires (SAQs).
  • Functions as the primary liaison with vendors and resident expert on systems and services in use for PCI DSS compliance self-reporting and/or vulnerability scanning.
  • Provides technical guidance on compliance-related security controls, including vulnerability resolution activities, network segmentation, etc.
  • Performs periodic security tasks as mandated by industry or regulatory requirements.
  • Analyses, reviews, researches and follows up on data from SIEM tools and security alerts for suspicious activity.
  • Gathers and reviews data from diverse system environments to determine risk exposure and makes recommendations to minimize risk.
  • Defines thresholds and identifies specific patterns of behaviour indicative of malicious activity.
  • Escalates, as appropriate, suspicious and/or malicious activity indicative of an attack.
  • Maintains the company’s Information Security Policy and Incident Response Plan documentation.
  • Monitors the currency of IT departmental documentation, operational procedures and configuration standards.
  • Investigates, documents, trends and recommends appropriate corrective actions for reports of computer security incidents.

REQUIREMENTS

  • Bachelor's degree in computer engineering, computer science or related IT (any equivalent).
  • Fresh graduates are encouraged to apply.
  • Knowledge of CISSP, CISA, PCIP, GCIA, CEH, GREM, CISM, CRISC certified or IT Security Knowledge in Information Security Policies, Informing Others, System Administration, Network Security, Firewall Administration, Problem Solving, Process Improvement, Project Management, On-Call, Network Protocols, Routers, Hubs, and Switches.
  • Infrastructure and application development background and working knowledge of security code review processes.
  • Candidates are expected to be highly motivated, innovative and capable of working and delivering under tight schedules.
