Information/Cyber Security Administrator

Employment Type: Full Time

Work Hours: Exempt; 40+ hours per week; Monday – Friday

Experience Requirements

  • 5+ years of experience in IT, Information/Cyber Security and/or related Technology fields
  • Functional knowledge of Security Frameworks such as ISO 27001, SANS, NIST, CIS, GDPR, OWASP Top 10
  • Working experience in creating and maintaining the operational effectiveness of IT Controls
  • In-depth understanding of security tools such as vulnerability scanning, firewalls, IDS/IPS, patch management, antivirus, and SIEM
  • Hands-on experience with security tools, conducting security audits, and performing security investigations
  • Strong communication skills and the ability to be influential through both written and verbal interactions with a variety of audiences
  • Proven ability to work independently and as a member of a team
  • Ability to maintain productivity while multi-tasking in a fast-paced environment
  • Industry-accepted Information Security Certifications are a plus!

Responsibilities

  • Maintain and strengthen IT Security initiatives including ISO 27000, Cloud Security, GDPR, Business Continuity & Disaster Recovery, Asset and Data Classification, System Hardening, etc.
  • Leverage security tools such as SIEM and asset/vulnerability scanners to monitor and secure our environments
  • Assist with the planning, execution, evidence gathering, and remediation of internal/external audits and compliance activities, such as Penetration Tests, Client Security Questionnaires, IT Compliance Audits
  • Maintain internal/external compliance against information security policies and procedures by completing internal control reviews and risk assessments. This includes identifying and communicating control gaps, proposing action plans for remediation, and reporting on the completion of tasks
  • Participate in ensuring that security controls and best practices are available and maintained in DevOps
  • Facilitate internal phishing campaigns, security announcements, security awareness trainings, and security exception processes
  • Assist in maturing the overall IT/Cyber Security programs while aligning with security frameworks