Information Security Specialist

Job Purpose

The Information Security Specialist develops and drives effective cyber risk assessment and IT security compliance programs involving activities such as designing, reviewing and developing security systems, processes/procedures, and policies, establishing compliance with policies, and conducting security reviews and security assessments. S/he determines security violations and inefficiencies by conducting periodic audits, security checks, and reviews. S/he defines and communicates risks, analyzes abnormalities, and reports any violations to ensure that Company data is secured against relevant threats and vulnerabilities, both internal and external, that the impact to the business of any security incidents would be minimal to nil, and that the confidentiality, integrity, and availability of information is always guaranteed.

Main Duties and Responsibilities

1. Analyze management and technical controls to ensure that specific security and client compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate the maintenance of secure configurations.
2. Review and develop security framework, information security systems and policies, processes, and procedures on an ongoing basis.
3. Manage internal information security reports and lead remediation with key technology stakeholders (Antivirus, Scanning Tools, Domain Reputation, Malware, Vulnerability Scans, AD Policies, etc).
4. Conduct IT Risk Management and Project-based IT Risk Assessments.
5. Collaborate with the team to complete audit reports, questionnaires, and Compliance related training.
6. Reviews critical system events such as alerts, unauthorized logins, admin changes, and others.
7. Collaborates with the tech security team in researching, performing proof-of-concept, and deploying security tools or products, software or devices.
8. Analyzes and interprets events and incidents by obtaining logs and identifying root causes of the incident.
9. Provides post-incident analysis report to Management.
10. Performs other information security functions such as asset management, vulnerability management, security awareness training, patch management, among others.
11. Be up to date on the latest information security news and trends.
12. Works on special projects other tasks as assigned by the Information Security and Compliance Manager.

Required Skills and Experience

Knowledgeable, skilled, and/or experienced in the following:

• Network Security, Firewalls, IPS/IDS systems, Windows System and Network configuration, Active Directory GPO management, Windows and Linux operating system,ISO/IEC 27001, other information security standards, and information security best practices

Find out more about Civicom Pacific atwww.civi.comand our Feathers Project atwww.feathersproject.org.