Job Title: Manager, Information Protection

Location: Perimeter

State: Atlanta, GA Metro Area

Date Posted: 7/27/2010 5:01:12 PM

Position Description:

Are you looking for an exciting opportunity in a fast-growing company with an entrepreneurial culture where you can make a difference? Are you willing to roll up your sleeves and seize a unique opportunity to lead a team of exceptional information protection professionals? Soltech is seeking an Information Protection Manager to implement and lead a risk-based audit program, liaise with external parties, mentor team members and conduct internal and external audits on company entities. If you are interested in leading a bright and dynamic risk management team, this could be the role for you!

Responsibilities:

- Develop, implement and manage a risk-based audit program in compliance with audit standards, guidelines and best practices
- Plan specific audits to ensure that assets are protected and controlled
- Function as the IT lead on SAS-70, PCI, EU Safe Harbor, General Computer Controls, and client audits
- Assess controls and conduct audits in accordance with IS audit standards, guidelines and best practices to meet planned audit objectives
- Communicate emerging issues, potential risks, and audit results to key stakeholders
- Appraise and communicate control strengths and weaknesses with audit, IT management and business unit staff in order to plan an effective and efficient integrated audit approach and remediation plan
- Review and update relevant documentation to ensure control objectives are recorded and communicated
- Manage and maintain internal and external information protection risk assessment initiatives
- Implement and maintain PCI DSS and ISO registration
- Define appropriate frameworks for compliance initiatives
- Assist with requests-for-proposals and Information Security responses for clients
- Analyze reports from information security systems including: log consolidation, patch compliance, change control, vulnerability, IDS, and content management
- Respond to Information Security support desk escalations and assist with resolution
- Assist with incident response including performing investigative follow-up, assigning responsibility for corrective action, and auditing for effective completion
- Participate in security planning for future application system implementations

Required Qualifications:

- Bachelor’s Degree (B.A.), or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum
- Strong organizational, time management, decision-making, and problem-solving skills
- Professional certifications from ISACA (CISA, CISM), (ISC)² (CISSP), or SANS strongly preferred
- 5 years of relevant general Information Technology experience required
- Some server and network administration experience helpful
- Experience with any ISO registration strongly preferred
- Experience with PCI, SOX or SAS 70 audit strongly preferred
- Strong conceptual understanding of Information Security theory
- Strong working knowledge of risk management theory and practice
- Strong working experience in meeting with internal and external auditors, IT management, and clients to discuss and address security concerns
- Strong working experience of ISO 9001:2000, ISO 27001 requirements, and PCI DSS
- Strong working experience of SAS-70 audit requirements
- Strong working knowledge of Windows XP/2000/2003, Active Directory, and IT Infrastructure security, audit, and control methods and concepts
- Working experience in troubleshooting information security-related problems and incidents
- Working knowledge of anti-virus systems, vulnerability management, and violation monitoring
- Working knowledge of AS400 security, audit, and control methods and concepts
- Working knowledge of SAP and PeopleSoft security, audit, and control methods and concepts
- Working knowledge of security architecture including encryption, firewalls, and VPNs
- Working knowledge of COBIT requirements
- Working knowledge of US and EU Data Protection requirements, Safe Harbor, ITIL v3, General Computer Controls
- Basic knowledge of Linux security, audit, and control methods and concepts
- Intermediate Programming and MS SQL and Oracle relational database knowledge helpful
This job has already been filled. Thank you for your interest.