Responsible for managing security related projects, applications, documentation, and monitoring. In addition, this position will review systems to verify complete and proper configuration security configuration. This position also helps to manage and implement security technologies to ensure that compliance is met within the network and server infrastructure.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Monitoring, improving and implementing security projects in both the PCI and internal networks
- Continuous monitoring of the security of networks and systems to maintain Nexidia’s security posture
- Documentation, development, and enforcement of policies and procedures.
- Planning and implementing new software deployments and processes
- Perform Penetration and Security testing
- Review switch, firewall, server, and application configurations
- Thorough understanding of information security principles and practices with demonstrated experience including Log monitoring, IPS, and AV solutions.
- Perform comprehensive PCI-DSS, ISO:27001, and HITRUST assessments, IT audits, policy and procedure development.
- Maintain Awareness, Patching, and Vendor security assessment systems
- Develop reports that detail compliance and security gaps including risk severity level, systems impacted, business risk summary, and recommendations that remediate all findings.
- Stay current with security vulnerabilities, tools, and best practices
ADDITIONAL DUTIES AND RESPONSIBILITIES
- Maintain and manage the security training process
- Work with auditors to provide document and evidence during audits
- Performs other duties as required
- Understands and adheres to Nexidia compliance standards as they appear in the Employee Handbook, Corporate Compliance Policies, Code of Conduct and Conflict of Interest Policy (as appropriate).
- Stays current with all pertinent federal and state regulations, laws, and policies as they presently exist and as they change or are modified.
VISA SPONSORSHIP NOT CURRENTLY OFFERED.
KNOWLEDGE, SKILLS, AND ABILITIES
- Solid understanding security frameworks and standards
- Solid understanding of Microsoft Server Operating Systems, Linux Operating Systems, Active Directory, and group policy
- Solid understanding of system and network security including:
- Firewalls, VPN, SIEM, Audit Tools, Vulnerability and Penetration Testing tools, Antivirus, FIM, IDS/IPS, DLP, Email Security, Wireless, and other Security Tools
- Possess a good understanding of LAN / WAN technologies and protocols including TCP/IP & DNS
- Knowledge and experience with Server 2012 and Server 2016
- Excellent knowledge of security best practices and compliance standards like PCI, ISO:27001, and HIPAA/HITRUST
- Excellent customer service, verbal and written communication skills
EDUCATION AND EXPERIENCE
- Bachelor's degree in computer science, information technology or related field or equivalent work experience. (Typically four years of additional related, progressive work experience would be needed for candidates applying for this position who do not possess a bachelor's degree.)
- Knowledge of and experience with PCI, HITRUST, and ISO 27001: information security management systems and certification preferred.
- A minimum of two years additional directly related technical experience is required.
- Basic understanding of information security.
- Basic knowledge of security principles.
- Knowledge of information technology terms, equipment, systems, functions and major vendors.
- Excellent oral and written communication skills, including presentation skills.
NICE Systems is an Equal Opportunity/Affirmative Action Employer, M/F/D/V.
NICE is committed to provide an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.