Senior Security Systems Engineer / Information Security Analyst in Plattsburgh, New York For Sale

Company Description
Please email your resume in WORD format and current base salary requirements ASAP: Darrenf@rtijobs.com
Job Description
Large firm in NY needs:
Senior Security Engineer
Responsibilities:
Enhances policy management program though implementation of the Archer eGRC Policy Module, maintains the system and manages all policy and related content (policy, technical control standards, procedures and compliance artifact repository). Leads company through additional Archer planning and implementation as needed. ecture and secure application delivery, assessment and monitoring capabilities.
lead independent technical assessments as needed and provide key support to major programs such as: Information Security Plan, BCP/DR/Pandemic and CSIRT.
collaborates closely with key internal teams such as NetOps and serves a trusted advisor to management.
complex positioning requiring the synthesis of technical security and risk information with business drivers and organizational requirements.
Critical thinking is required for key decision related to technical security architecture, design, assessment and incident response. Span of influence is enterprise wide and will require interaction with all levels of the organization.
This role must provide expert opinion and guidance to management on security posture that balances the cost vs benefit of controls to the organization.
technical security measures must assist business growth through compliance, innovation and maintenance of a security posture adequate to meet the needs of many regulated markets (financial services, government, retail, etc.)
requires close working relationship with internal functions including: Network Operations, Development, Audit and Compliance, and Database Operations. Security product or service evaluation will require interfacing with external parties.
Advancestechnical security program through ongoing security solutions or improvements to technologies and increased automated policy enforcement (software and network security testing tools)
As requested by internal customers, provides assessments of key technologies including web applications, databases, and infrastructure.
Increases monitoring and alerting through SEIM / related technologies
Supports company CSIRT program; coordinates activities, provides analysis, reporting and procedural updates where necessary.
Key contributor to design and operation of Business Continuity Plan, threat assessment and treatment.
Performs ongoing research latest security best practices, staying abreast of new threats and vulnerabilities and help to disseminate this information within the company: maintains a strong professional network.
Proven ability to lead a cross company team to evaluate the marketplace and manage product or service evaluations
Requirements:
BS or MS from an accredited college or university with major course work in Computer Science
5+ years of information security experience working in a distributed network infrastructure environment
Professional certifications such as CISSP, CCNA, ITIL, GIAC, CISA, VCP, CISM .
Solid background in AD, LDAP, Cisco ASA, Anti-virus, IPS, DNS, network topology – VLAN/MPLS, vulnerability / penetration testing tools and methodologies along with supporting knowledgebases.
Strong knowledge about various data encryption methodologies, management processes and technologies.
Strong knowledge of Windows Server xxxx+, Workstation 7/8, and System Service Center; Linux, MS Exchange, Databases experience
Solid grasp of key standards, framework and laws such as NIST ISO xxxxX, OWASP, NIST 800-53, AICPA SOC, COBiT etc.
Prior experience in network, applications, risk management or IT security functions a plus
Demonstrated mastery of key information security and risk concepts for the design, implementation and operation of technology related controls.
Proven hands-on capability to analyze a variety of technologies (networks, messaging, directory services, application etc.) in relation to security requirements (confidentiality, integrity and availability) to identify improvements / solutions and drive their implementation as needed.
Implements automated policy enforcement controls and exception reporting where feasible. Escalates alarms or conditions such as potential intrusion, control failure, systems tampering, etc.
Has a strong security background in utilizing a variety of security and management technologies such as WebSense, Qualysguard, Solar Winds, MS System Service Center/ Configuration Manager, port lockdown, Cisco, etc. and the demonstrated aptitude to learn new technologies quickly.
Working knowledge of secure application delivery process.
Possesses strong communication skills (written, verbal, and listening) and relationship development competencies to foster close working relationships with key areas/ (NetOps and Application Dev)
Key contributor to annual Information Security Plan, CSIRT program and BCP testing including reporting and updates to plans or procedures as needed.
Strong analytical and diagnostic skills, detail oriented with superior written and oral communications.
Ability to work independently with minimal supervision and guidance with strong problem-solving, negotiation and decision-making skills to influence management, as well as internal and external partners.
Distills complex messages into actionable information in everyday English and has demonstrated capability to learn and adapt to new situations & requirements
IMMEDIATE INTERVIEW!
Information Security Analyst
Must have 2+ years working experience on ARCHER 5.x
Responsibilities:
will drive the implementation of the Archer Policy module to ensure policy content, and other related elements such as compliance artifacts, are maintained up to date in a usable repository.
improve efficiencies for the management of all policy program elements and complete customer risk questionnaires in a timely and consistent manner.
The Information Security Analyst will provide hands on support to the Vendor Risk Oversight program and serve as point of contact for external auditors and provide periodic risk assessment as needed. This role serves a trusted advisor to management
critical to maintaining Policy while enabling business growth.
requires strong relationship development skills, a strong understanding of the business, depth in information security policy, and assessment capabilities.
customer focused and must successfully manage competing priorities. Span of influence is enterprise wide and will require interaction at all levels of the organization.
This role must continuously assess the cost benefit of processes and technologies to the organization such as: program process improvements, technology refresh enhancements, additional Archer Modules, etc.
This role will work closely with the Senior Director of Information Security and several internal functions including: General Counsel/Privacy, Network Operations, Audit and Compliance, Human Resources and Database Operations. Audit/Compliance related activities such as assisting in Sarbanes Oxley Audits will require coordination with internal / external auditors and Customer Questionnaire management will require collaboration with Operations.
This role will work closely with the Senior Director of Information Security and several internal functions including: General Counsel/Privacy, Network Operations, Audit and Compliance, Human Resources and Database Operations. Audit/Compliance related activities such as assisting in Sarbanes Oxley Audits will require coordination with internal / external auditors and Customer Questionnaire management will require collaboration with Operations.
Leverages policy content for timely completion of customer risk questionnaires and provides support to Vendor Risk Oversight program.
Provides periodic audits or risk assessment on information security and compliance related areas such as IT General Controls, Privacy, etc.
Serves as point of contact and manages support for external auditors including SOX, SOC, etc.
Provides timely and accurate completion of customer risk questionnaires leveraging Archer and other automation / processes as needed
Keen sense of managing competing priorities as the customer questionnaires are coupled to business development.
Solid understanding of key vendor risk frameworks such as SIG, ISO xxxx1, FISMA.
Supports Vendor Oversight program through periodic review of vendor documentation, SSAE 16 reports, DC/DR Plan and test results, certificates of insurance, financial statements, and other appropriate documentation.
Completes periodic vendor risk scorecards and tracks remediation where necessary.
Performs periodic assessments on key areas such as SOX IT General Controls and Privacy
Maintains a professional network related to Archer, vendor risk management and emergency information security trends and policy issues.
Distills complex messages into actionable information in everyday English and has demonstrated capability to learn and adapt to new situations & requirements
Requirements:
Must have 2+ years working experience on ARCHER 5.x.
Demonstrated knowledge of Archer Questionnaires, Complex Calculated Fields, Custom Objects and demonstrated history of successful Archer Policy Module implementation;
ACP certification highly desired.
Advanced RSA Archer administration required; background in SQL scripting a plus.
Must have a proven background in organizational policy, structure (policy, standards, procedures, etc.)
Solid grasp of key standards, framework and laws such as SOX, ISO xxxxX, MA Privacy, SOC, COBiT etc.
Prior experience in audit, risk management, governance or IT security functions is required.
Certification such as CISA, CRISC, CISSP, CISM, CISA, ITIL, etc. is highly desirable
Proven Archer eGRC system design, implementation and operational support competencies are required for final implementation and operation of the Archer eGRC Policy Module.
Strong relationship development skills to work closely with stakeholders to ensure requirements are adequately addressed and provides system customization as needed such as: custom calculated fields, modification to Policy, Area, Section, etc. structure.
Gathers functional business requirements and develops vision / roadmap for additional modules as may be requested by management (Compliance, Risk, Vendor, etc.)
Ability to increase efficiency of manual processes through use of standard office tools (i.e. SharePoint, Excel, process improvement)
Strong capability to manage collection, evaluation of and maintenance of policy related artifacts.
Strong analytical and diagnostic skills, detail oriented with superior written and oral communications
IMMEDIATE INTERVIEW!
Please email your resume in WORD format and current base salary requirements ASAP!
Click here to apply.