Responsibility

• Oversee the company’s Information Security Program
• Work with IT Director to define information security-related objectives that will enable the company to meet its legal, contractual and business-related requirements for data confidentiality, integrity and availability through the effective use of technology controls, procedural controls and information security awareness and
educational objectives
• Ensure that the company security related objectives are being met
• Continually assess the overall effectiveness of the information security program
• Coordinate the development and maintenance of the company’s Information Security Policy and ensure that it coordinates with other Information Technology Policies
• Work with IT Director to define and maintain the company’s Information Security Policy regarding information classification, the proper handling of the company’s information at all sensitivity levels, the rules for the issuance of computer accounts and the assignment of privileges, the definition of acceptable proof of identity for accessing information resources, who authorizes access to information, how authorization decisions are documented and enforced, and the process of responding to information security related incidents
• Coordinate the development, maintenance and documentation of technology standards and procedures
• Work with IT Team to confirm that technology related standards and procedures effectively implement the company’s IT security related policies in a cost-effective practical manner
• Review third party products and services to ensure that they do not increase the risk of the company’s information being compromised
• Manage IT security incidents
• Promote security awareness and education
• Convey security related policies and procedures to company’s clients and vendors utilizing a variety communication vehicle (web content, presentations, articles, email)
• Develop and manage the company’s information security awareness program for company’s employees
• Manage information security related projects as needed
• Coordinate the company’s response to information security related audit findings and request made by Authorities
• Perform operational functions where necessary for segregation of duties
• Regularly review system activity logs to proactively uncover potential threats to company data and systems, and to ensure that operational and administrative controls are functioning appropriately
• Review and authorize access requests beyond standard user access (highly privileged system access, access by vendors)
• Serve as a Process Manager, coordinating the company’s investigation of and response to the possible exposure of sensitive company information
• Research, recommend, install, configure, operate, maintain and monitor security related products that satisfy the company’s information security
• Advise IT Director in the development of standards and procedures for: servers and workstations, handheld devices, network equipment, databases, applications
•Research, recommend, install, configure, maintain and operate software products that can detect: improperly configured servers and workstations, application program code weakness
• Perform technical investigations of suspected system compromises
• Educate IT support staff in security best practices for configuring, administering, operating and monitoring technology