· Architects, designs, implements, maintains and operates information system security controls and countermeasures.
· Analyzes and recommends security controls and procedures in the acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
· Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance.
· Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
· Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
· Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
· Analyzes trends, news and changes in the threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.
· Keeps up to date with emerging security trends, threats, best practices and standards (internal and external), regulations, and security-enhancing technologies.
· Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and us