• Monitor the compliance of Information Security programs, policies, procedures and systems to satisfy company policy, regulatory, compliance requirements and to protect the company's technology and informational assets.
• Collect system logs including firewalls, switches, routers, servers, SANs and workstations and these analyze system logs for abnormal or unusual behaviors, investigate the roots causes and formulate appropriate responses.
• Perform periodic risk assessments of critical systems and infrastructure to assess the information security risks to the Company. Recommend mitigating controls or procedures to eliminate or minimize identified risks.
• Promote information security awareness by developing, maintaining, and delivering information security awareness programs together with Corporate Training.
• Represent information security considerations in approved System Development LifeCycle, Change Management, Production Support and technology-enabled projects.
• Support the cause of Information Security throughout the company by actively participating as part of the IT Security Committee.
• Perform as part of the Computer Incident Response Team (CIRT).
• Maintain CIRT documentation and incident reports according to approved policies and procedures.
• Continuously identify, evaluate, rate, and report internal and external threats to the company's information security posture.
• Evaluate, recommend and implement reasonable security systems and/or procedures to mitigate identified threats.
• Monitor changes in the technical, legal and regulatory arenas affecting Information Security, alert management accordingly.
• Prepare and publish Information Security reports as directed by management.

• Knowledge of LAN/WAN and desktop security and structure.
• Ability to write detailed technical documentation on security procedures and project plans. Ability to report and speak on technical issues in lemans terms to a broad audience.
• Knowledge of security auditing and reporting applications.
• Knowledge of compliance, regulatory and audit requirements
• Ability to interact with all levels of personnel across the enterprise to determine information security requirements
• Knowledge of Internet applications and Firewall process.
• Ability to keep abreast with new technologies.
• Must have excellent analytical, creative and problem solving skills.
• Knowledge of computer incident response procedures.
• Knowledge of system design and implementation.
• Knowledge of security monitoring of various operating systems and applications such as: Network Intelligence, Windows 2003, XP Professional, Cisco IOS, Redhat, Solaris and Ex-change 2003.

MINIMUM QUALIFICATIONS:
Education: A four-year degree preferred with study in Computer Science

Experience:
Five to seven years experience in Technology Services with specific experience in the following areas:

• Security administration
• Access control
• Encryption
• Internet security
• Database and/or application security
• Security design and implementation
• Risk assessments.
• Certification: CISSP preferred