Information Security Consultant
Ref No.: 18-00535
Location: New York, New York
Position Type: Contract
Start Date: 01/05/2018
 
Title: Information Security Officer
Location: New York, NY
Duration: Ongoing Contract (3 + Months)
Start Date: ASAP


My client is looking for a passionate and highly capable Information Security Officer who has experience working with information security, data retention and digital compliance. The scope of this position is global, and includes information storage, access control, encryption, and retention policies. Also in scope are policies related to acceptable use of IT resources and access to systems by remote and non-employee users. The purposes of establishing this role are to assure that information created, acquired or maintained by authorized users is used in accordance with its intended purpose, to protect information and its infrastructure from external or internal threats, and to assure that it complies with statutory and regulatory requirements regarding information access, security, retention and privacy.

Responsibilities:

Risk Management & Advisory
  • Serves as a trusted advisor to leadership in key areas including risk management, legal and regulatory compliance and policy; and oversees ongoing risk identification, remediation, compliance and vendor risk.
  • Drives annual predictive threat modelling and budget estimation for risk treatment
  • In close collaboration with IT Security maintains the GIS tools catalog and facilitates their adoption and use across the enterprise as appropriate; ensures greater capability for business units to manage their own risk.
  • Leads and manages customer self-service RescueNet Teamsite in coordination with the Communications Officer.
  • Mentors and identifies training needs for team members, ensuring professional development and superior technical expertise.
Policy
  • Manages all elements of the GIS Security Policy lifecycle including development, review, update, approval, retirement, version control and communications.
  • Ensures all policy documents including procedures and standards are maintained in an authoritative repository for enterprise distribution.
  • Ensures policy complies with appropriate industry standards and regulations such as PCI, GDPR and various directives from authoritative bodies such as US Dept of State.
  • Represents policy document change proposals to senior leadership for formal approval as needed.
  • Evaluates need for and implementation of GRC tool.
  • Manages and oversees the security exception process.
Compliance & Reporting
  • Leads PCI DSS compliance including internal PCI compliance testing, inquiry, observation and other analysis required to meet compliance objectives for successful PCI SAQ attestation.
  • Establishes and communicates an annual compliance schedule.
  • Leads compliance and audit reporting for key controls including: MDM, endpoint protection, firewalls, vulnerability management, DLP, systems event response, and anti-virus/malware/spam technologies.
  • Designs and executes Access and Privileged Access Management (PAM) Reviews to drive down inappropriate accounts; supports access appropriate to role for all GIS initiatives.
Operations
  • Leads and supports distributed security organization with up to twenty ISOs distributed globally.
  • Serves as an SME and provides information security mentoring and training to IT and other staff as appropriate.
  • Leads vendor risk management in collaboration with IT Vendor Management. Maintains vendor risk management tools, vendor inventory and classification; ensures risk assessments are complete and accurate; reviews relevant contract terms in all agreements; identifies and tracks vendor risks to ensure they have an effective plan / are executing against an effective plan to mitigate risks; monitors IT security and related issues or changes within the vendor organization.
  • Works with Business Resilience to ensure DR plans meet business BCP needs; works in close collaboration with Business Resilience.
  • Assists Communications Officer with the development and implementation of security training, awareness and progress programs to educate the company's employees regarding information security requirements and initiatives.
  • Develops and communicates security strategies and plans to executive team, staff, partners, customers, and stakeholders.
Qualifications:
  • Previous experience, professional knowledge, specific skills and strengths and any other skill necessary to perform the essential functions of the job.
  • Bachelor's degree in any Information Systems related field required, Master's preferred.

If qualified and interested, please send an updated resume to michael.meade@mondo.com

Thanks, and I look forward to speaking with you!