Web Security Specialist

RR Donnelley - Downers Grove, Illinois
Thursday, February 16, 2012
7267



DESCRIPTION

Responsible for enhancing security for web applications and web development, and for defining and implementing secure coding practices. Responsible for the planning, design, enforcement and audit of security policies and procedures which safeguard the integrity of and access to enterprise systems, files and data elements, with a focus on web systems. Maintains knowledge of changing technologies, and provides recommendations for adaptation of new technologies or policies. Recognizes and identifies potential areas where existing data security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion. Provides management with risk assessments and security briefings to advise them of critical issues that may affect customer or corporate security objectives. Evaluates and recommends security products, services and/or procedures to enhance productivity and effectiveness. Position reports to the Director of Information Security.

Responsibilities:

* Evaluate web-based solutions from a security perspective; provide and follow through on recommendations
* Define and implement secure coding practices, including development and rollout of training for developers
* Communicate unresolved security exposures, misuse, or noncompliance situations to management
* Provide technical expertise and guide the administration of security tools that control and monitor information security
* Assist in the monitoring of compliance with security controls
* Assist IT and business staff in understanding and responding to security audit failures reported by internal and external auditing departments
* Assist in the response to security questionnaires, RFP responses, and audits
* Train staff in the implementation of necessary computer security controls or new/upgraded security software and devices
* Research, evaluate, design, test, recommend and plan implementation of new or improved information security software or devices
* Proactively protect the integrity, confidentiality and availability of information in the custody of or processed by the company by responding in a timely manner to a loss or misuse of information assets
* Advise security administration staff on normal and exception processing of security authorization requests
* Document security policies; maintain resource classification scheme

REQUIRED SKILLS

* Advanced degree in Computer Science, Engineering or related discipline with 7+ years of experience OR Bachelor's degree with 8-10 years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience
* Web Programming skills required
* Specific information security experience and CISSP highly desired
* Experience implementing PCI certification, ISO 27001 accreditation, and SAS70 audits desired
* Ability to relate business requirements and risks to technology implementation for security-related issues
* Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
* Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized technical expert
* Experience with vulnerability scanning tools and penetration testing
* Experience with risk assessments and audit procedures
* Self-driven, highly motivated with a strong customer focus
* Strong analytical and problem-solving skills
* Solid project management skills, especially in a cross-functional environment
* Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people

RRDIT

Downers Grove, IL
