'[SJ-JOB] Security Director, Baltimore, US'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-jobs
Subject:    [SJ-JOB] Security Director, Baltimore, US
From:       DHaseltine () ppsinfo ! com
Date:       2005-05-31 19:20:24
Message-ID: 20050531192024.10007.qmail () sfcm ! securityfocus ! com
[Download RAW message or body]


---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:	Security Director
Location:	Baltimore, Maryland, US
Type:		Permanent F/T
Closing Date:	06/30/2005

This position directs, coordinates, plans, and organizes information technology \
security activities.  He or she acts as the focal point for all communications \
related to information technology security, both with internal staff and third \
parties.  The Manager works with a wide variety of people from different internal \
organizational units, bringing them together to manifest controls that reflect \
workable compromise as well as proactive responses to current and future information \
technology security risks.

Job Description: 

&middot;Develops and implements the controls needed to protect proprietary \
information. &middot;Responsible for all information technology security regardless \
of the form the information takes, the information-handling technology employed or \
the people involved. &middot;Responsible for all security measures required to guard \
against threats to information and information systems, but not limited to, \
information unavailability, information corruption, unauthorized information \
destruction, unauthorized information modification, unauthorized information usage \
and unauthorized information disclosure. These threats to information and information \
systems include consideration of physical security matters only if a certain level of \
physical security is necessary to achieve a certain level of information security. \
&middot;Acts as the primary point of contact for communications dealing with \
information technology security problems, issues and concerns. &middot;Participates \
in annual budget development process. &middot;Establishes and maintains strong \
working relationships with the groups involved with information security matters \
(Legal, Internal Audit, Physical Security, etc.) &middot;Coordinates all \
multi-application or multi-system information security improvement projects. \
&middot;Develops action plans, schedules, budgets, status reports, and other top \
management communications intended to improve the status of information security. \
&middot;Performs and/or oversees the performance of periodic risk assessments that \
identify current and future security vulnerabilities, determines what level of risk \
is acceptable to management, and identifies the best ways to reduce information \
security risks to acceptable level. &middot;Coordinates and directs the development, \
management approval, implementation, and promulgation of objectives, goals, policies, \
standards, guidelines, and other requirements needed to support information \
technology security as well as within business networks (i.e., extranets). \
&middot;Creates a strategic information security plan with a vision for the future of \
information technology security that addresses management&#146;s fiduciary and legal \
responsibilities, customer expectations for secure modern business practices and the \
competitive requirements of the marketplace. &middot;Coordinates internal staff in \
their efforts to determine technology security obligations according to external \
requirements (i.e., contractual, regulatory, legal, ethical, etc.) &middot;Prepares \
security and risk updates monthly to the CIO and quarterly to the Technology Security \
Oversight Committee. &middot;Manages internal activities pertaining to the \
investigation, correction, prosecution, and disciplinary action needed for the \
resolution of information security breaches, violations, and incidents (whether \
actual or alleged), including post-mortem analyses. &middot;Directs the preparation \
of information systems contingency plans and managers worker groups (e.g., CERTs) \
that respond to information security-relevant events (e.g., hacker intrusions, virus \
infections, denial of service attacks, etc.). &middot;Manages through indirect \
authority and matrixed organization structures &middot;Manages business expectations \
and issue resolution. &middot;Maintains currency, accuracy, and relevance of \
information to which you have access or for which you are responsible. This includes \
reporting known errors or inconsistencies in the information. &middot;Diligently \
complies with and consistently enforces Information Security and Confidentiality \
policies and procedures. &middot;Reports all violations or suspected violations of \
information security policies to one&#146;s manager, the IT Information Security \
Staff, Human Resources or anonymously to the company through the whistle blower web \
site. &middot;Has input to decisions regarding hiring, firing, advancement, promotion \
or any other change of status of direct and indirect reports. &middot;Creates and \
communicates performance reviews, goals and objectives as well as training plans \
identifying skills gaps and closing them.  &middot;Performs all other duties as \
assigned.




JOB REQUIREMENTS
---------------------------------------------------
&middot;Bachelor&#146;s degree or relevant experience required (concentration in \
business or technology preferred) &middot;Masters degree preferred
&middot;Minimum five years in Information Technology with 3 to 5 years in a senior \
security role. &middot;Minimum three years of management experience.
&middot;Completion or pursuit of computer Information Security Systems Professional \
(CISSP). &middot;MCSE desirable.
&middot;CCNA desirable.
&middot;Experience with Active Directory and NT Domain administration.
&middot;Broad knowledge of security products and utilities.
&middot;Experience with implementing Checkpoint Firewall.
&middot;Experience developing system and network Disaster Recovery plans.
&middot;Ability to express complex technical concepts effectively, both verbally and \
in writing &middot;Strong negotiation, facilitation and influencing skills




CONTACT
---------------------------------------------------


Derek Haseltine
Technical Recruiter
PPS Information Systems Staffing
DHaseltine@ppsinfo.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for 
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic