Title: Sr IS Security Engineer
Location: Illinois-Bensenville
Collaborate with the Information Risk group and Audit Group to identify & prioritize risk components, technology audits and compliance issues respectively for the IS organization. Advocate, design, and implement processes and technology relating to risk and access control across the technology organization. Ensure control policies are executed upon in accordance with corporate-wide policies and external regulatory obligations.
Role Specific Responsibilities
* Manage and operate network security devices including, implementation, and support
* Manage and operate Identity and Access Management software including, implementation, and support
* Review and act upon vulnerability scans, IDS alerts, SIEM Alerts, and other security logs
* Monitor and report on system performance
* Create and communicate system vulnerability reports
* Perform SOX testing
* Ensure that security configurations of key systems are properly implemented, monitored and reported
* Produce management reporting, including appropriate metrics that inform management as to the state of information risk
* Recognizes and identifies potential areas where existing security polices and procedures require change, or where new ones need to be developed, especially regarding future business expansion
* Ensure the IS organization is aware of their responsibilities and accountability for compliance with policies
* Conduct risk assessments, compliance and control reviews for the technology organization
* Provide information risk management consulting to technology teams
* Evaluate and recommend security software/hardware and its application
* Establishes alternative security measures if needed to support audit findings, known vulnerabilities, or disaster recovery efforts
* Perform security testing for new systems
* Work with the Infrastructure Manager to identify and arrange for deployment of appropriate compensating controls to address security and risk gaps
* Ensure technology teams are made aware of security engineering and architecture projects that could be incorporated into business solutions
* Lead security investigations and provide forensics services in responds to security incidents
* Ensure compliance with local regulations e.g. local encryption regulations and privacy laws
People Management
* Manage individual and team workload to deliver to agreed upon project milestones
* Proactively promote consistent project-based performance measurement and skill development of junior staff
* Promote effective teamwork and resolve interpersonal issues
* Provide input to staffing plans at the project-level to identify key / required skills
* Requires minimal supervision to perform job duties
* Train other Security Engineers on processes, procedures, and technologies
* Actively mentors other Security Engineers
* College degree in related technical / business areas and/or 7 to 12 years equivalent work experience
* Well rounded understanding of technology, operations and key business processes
* Member of SANS or other leading security organizations
* Strong organization skills
* Strong change management skills
* Highly flexible and able to adapt to change
* Strong problem solving and analytical capabilities
* Excellent written and verbal communication skills
* Strong influencing and negotiation skills
Relevant Technical Skills
* Information Risk Mgmt: Content filtering technologies, application firewalls, vulnerability scanners, LDAP, forensics software, security incident response, Identity Management (IdM)
* O/S: Linux (Red Hat, SUSE), Windows (2000/XP2003 Server), UNIX
* Network: Firewalls, Proxy Servers, Reverse Proxy Servers, IPS, SEIM
* Software Languages: Perl, Shell
* Standards & Methodology: ITIL, COBIT, SOX, PCI
* Office Automation: Word, Excel, Outlook
* Planning & Design: Microsoft Project, Visio
