Information Security Spec

Position Summary:

With a strong focus on cost-effectively meeting the Information Security requirements of CompuCom business units and through them, our clients, provide qualified support and technical advice on a wide variety of information security responsibilities, issues and problems. This includes Documentation, Compliance, User Awareness, Incident Response, Security Vulnerability Management, Risk Assessment and being a Subject Matter Expert in these and other areas related to Information Security. Assess applications developed internally as well as SaaS solutions CompuCom chooses to use to determine whether they include adequate security controls. Work on committees and task forces throughout CompuCom as may be needed to assist with the improvement of security of information systems, processes and procedures as well as to ensure compliance with all established policies and standards relevant to CompuCom.

Position Details:

Information Security Documentation

• Working with team members and business unit representatives, develop and publish information security policies, processes and procedures that support compliance with industry standards and regulations relevant to CompuCom and that otherwise reflect information security best practices
• Update existing information security policies, processes and procedures to ensure the policies remain current with industry standards and regulations
• Review security related documentation produced by other teams for accuracy and completeness

Compliance and Risk

• Assist with client proposals, including the review of and proposed changes to RFPs and MSAs to minimize risk to CompuCom
• Assist with responding to client security questionnaires as well as participating in client security reviews and audits
• Work with internal and external Auditors to ensure audits have the proper scope, are complete and completed in a timely manner
• Participate in the review and assessment of information security Waiver Requests, working with the requestor to find alternative solutions and/or compensating controls that could minimize the risk to CompuCom while meeting the needs of the business
• Investigate theft of CompuCom IT assets in order to understand the circumstances of the theft as well as the level of risk to CompuCom and/or client information assets
• Coordinate and/or drive remediation activities in order lower to an acceptable level any risk that may identified as a result of an audit

Security User Awareness

• Working with other team members and business unit representatives, support Security User Awareness initiatives. Where needed, assist in identifying specialized security training from sources outside of CompuCom
• Assist in performing analyses of available Security User Awareness training in order to gauge utilization and effectiveness

Incident Response

• Participate in incident response activities as directed and as outlined in CompuCom's Security Incident Response Policy and Procedure

Security Vulnerability Management

• Monitor for vulnerabilities relevant to the CompuCom IT Environment
• Organize and conduct monthly Security Vulnerability Management Meetings
• Participate in the Security Vulnerability Management process, offering advice and recommendations as well as identifying compensating controls in order to ensure risk from vulnerabilities is kept to a minimum

Vulnerability Scanning

• In conjunction with Security Vulnerability Management process, coordinate and schedule scans of CompuCom's internal address space for vulnerabilities
• Ensure that approved scanning tools have at least the minimum level of access needed to identify vulnerabilities that may exist for the device environment
• Ensure that approved scanning tools are configured to perform all necessary tests in order to have an accurate and complete risk profile for the devices while at the same time not performing tests without prior approval that are known to have the potential to introduce instability or compromise a system, for example DoS attacks
• Generate and publish reports of vulnerabilities; using these reports, assess level of compliance with the Security Vulnerability Management process

Subject Matter Expert

• Keep abreast of security and privacy standards and regulations, alerts, and vulnerabilities that are relevant to CompuCom
• Develop proposals on how new and existing standards and technologies could be used to improve the competitive position of CompuCom
• Communicate Information Security knowledge to internal as well as external parties

Other

• Participate in the Change Management process and weekly meetings
• Participate in the Security Vulnerability Management review process and monthly meetings, offering advice and recommendations in order to ensure vulnerabilities are assigned an appropriate risk rating
• Active participation in Project Management, as participant or Project Manager, for any project that may require such a formal approach
• Mentoring less experienced team members
• Perform additional duties as deemed necessary by CompuCom management

Minimum:

• Degree in Information Systems, a similar technology or the equivalent in the form of proven experience
• One or more certifications related to Information Security
• Proven ability to create and maintain effective documentation, including policies, processes and procedures
• Good understanding of Information Security technologies
• Good understanding of the controls required by ISO27001
• 3 years experience with Information Security in a medium to large organization
• Project Management experience
• Good organizational skills
• Ability to prioritize workload in order to meet commitments
• Strong English language communications skills, both verbal and written

Preferred:

• Bachelors degree in Information Systems, a similar technology or the equivalent in the form of proven experience
• CISSP, GIAC or CISA
• Excellent understanding of Information Security technologies
• Very good understanding of the ISO27000 family of standards as well as experience with implementation of controls and achieving compliance
• 5+ years experience with Information Security in a medium to large organization
• 3 years Project Management experience with demonstrated ability to lead complex projects