IT Security & Compliance Team Lead at Geographic Solutions, Inc.

Title: IT Security & Compliance Team Lead
Company: Geographic Solutions, Inc.

Must have the following in order to apply:
• Bachelor’s Degree in Computer Science or a related IT field
• Five (5) years of experience within the last seven (7) years in this job class
• Three (3) years of experience in one or more of the following database environments: Microsoft SQL Server, Oracle, Sybase, DB2 and MySQL
• Experience reviewing or auditing IT general controls, network infrastructure, information security, SDLC, web servers, database servers, operating systems, and/or software applications to ensure compliance is maintained
• Experience in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
• In-depth technical understanding of network, systems, application, and cloud security
• Working knowledge of agile and waterfall software development lifecycle methodologies
• Three (3)+ years of hands-on working experience with Windows Server 2012
• Three (3)+ years of practical experience in TCP/IP networking
• Knowledge of industry standards, e.g., ISO 17799/27001, NIST publications and other industry-related security standards
• Knowledge of industry regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or corporate compliance
• Verbal and written communication skills

Preferred Skills:
• Expert-level skills as a subject matter expert in the design, implementation, and hands-on support of a network-segmented, multi-domain Microsoft Active Directory (AD) environment
• Hands-on experience with proxies, Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS) and spam filters
• Hands-on working experience with Microsoft SQL Server 2012
• Working knowledge of agile and waterfall software development lifecycle methodologies
• Experience building, leading, and driving technical design and operational security teams
• Hands-on experience in compliance/remediation efforts for relevant domestic and international security standards and best practices such as PII, PCI DSS, ISO 27001/2, SOC, OWASP, NIST, and other compliance standards
• Experience in the creation and ongoing management of security and compliance policies, processes, and procedures
• CISM, MCSE, CCNA certification

Required Screenings:
Background Checks (Local/State/Federal); Reference Checks; Drug Free Workplace.

Job Description:

This individual is a member of the Information Security Team reporting to the Director of Operations with responsibility for the information security operations and compliance initiatives in a fast-paced Software as a Service (SaaS) environment.

Duties and Responsibilities:
• Process documentation, facilitation, remediation planning, risk management, and systems implementation coordination required to meet audit, control, and compliance requirements
• Work with Information Technology and Security teams to design, manage, and implement specific remediation plans addressing improvement opportunities within internal processes and procedures
• Work with executive management to determine acceptable levels of risk for the organization
• Manage a team of 3-10 security personnel, including all day-to-day functional duties and administrative responsibilities such as reporting, work assignments, resource planning, and employee coaching, oversight, and evaluations
• Hold primary responsibility for implementing all security aspects of the System
• Own the Vulnerability Management lifecycle: discovery, risk analysis, review meetings, and remediation tracking, with monthly reports
• Specify the processes and policies for Security Information and Event Management, then implement and maintain the supporting systems
• Hold primary responsibility for assigning development tasks to team members using the Company’s Online Project Communicator (OPC)
• Perform network traffic forensic analysis, using packet capture software, to isolate malicious network behavior, inappropriate network use, or the use of insecure network protocols
• Identify gaps and areas for improvement with regard to policies, procedures, standard practices, and training programs to ensure company compliance with applicable federal, state, and client security standards
• Use information security tools such as Burp Proxy, IBM Rational AppScan, Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect and Nikto, as well as manual techniques, to exploit vulnerabilities in the Open Web Application Security Project (OWASP) Top 10, including but not limited to cross-site scripting, SQL injection, session hijacking and buffer overflows, to obtain controlled access to target systems
• Perform continuous ethical hacking of the internal environments to find potential threats and vulnerabilities, and participate in vulnerability assessments (both internal and external) of networks and applications
• Work with internal and external resources to perform and report on the annual penetration test, including full white-hat testing; must provide a detailed report with recommendations for improvements and remediation where applicable
• Work with internal and external stakeholders to assess security requirements, and approve/modify designs as needed
• Ensure vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements
• Support incident response for all security-related issues 24/7
• Participate in reviewing and responding to all third-party vendor and supplier review questionnaires and customer audit questions and remediation, including providing compliance-specific supporting documentation
• Ensure the security of all systems is actively maintained and hardened against industry, legal, and compliance standards
• Provide technical security review and oversight of new architectural solutions, applications, and product offerings, and identify potential risks and compliance requirements
• Ensure that security systems protecting company assets, information, and client privacy are in place, maintained, and compliant
• Evaluate Information Security policy compliance, including internal and external audit initiatives and training programs, for overall effectiveness
• Execute the long-term strategy for the Information Security department and provide input for the roadmap/action plan
• Manage multiple competing priorities in a fast-paced SaaS environment
• Support and participate in an on-call schedule for the Information Security team
• Manage third-party security services and application vendors, and evaluate new vendors and services
• Support incident response for all security-related issues in accordance with defined company policies and procedures; act as a lead team member of the Security Incident Response Team (SIRT)
• Provide technical support for risk and compliance initiatives to ensure adherence, and for all compliance and audit efforts (internal and external), certification, and other compliance efforts including SOC 2 Type II, PCI DSS 2.0-3.0, ISO 27001/2 and FISMA; this will require the authoring and maintenance of policies and procedures
• Must report on complex technical functions and risks to senior management

Work Environment:
Fast-paced, team-oriented environment with a casual dress code.

Hiring Process:

Submit resume via email or apply by registering and posting a current, up-to-date resume in Employ Florida Marketplace.

In order to apply to this position, please click “How to apply for this job” located at the bottom of the job order page, and you will receive the employer contact information. The employer has indicated that the means listed are the only means they will accept to apply.

Days & Hours:
Full Time position; Monday thru Friday; Complete schedule will be discussed with applicant.

Depends on experience; Benefits are offered.