Information Security Officer Job Description Template

Are you looking for an exciting leadership opportunity where you can use your information system security expertise? We have an amazing opportunity for an experienced Information Security Officer. In this role you will help us protect the company as we navigate the digital enterprise. As an Information Security Officer you will act as a key participant in monitoring, evaluating, and measuring the impact of decisions. You will also collaborate with relevant business groups to identify current and emerging risks associated with business activities and operations, and provide guidance in developing and implementing risk-mitigating strategies.

Typical Duties and Responsibilities

  • Lead complex initiatives designed to mitigate current and emerging risks with broad impact
  • Monitor moderately complex business-specific programs and provide risk management consulting to support the business in designing and implementing risk-mitigation strategies
  • Monitor, measure, evaluate, and report on the impact of decisions and controls to the relevant business group or functional area
  • Assist with determining and quantifying the organizational risk appetite or tolerance
  • Develop and implement risk monitoring and risk reporting processes and controls
  • Develop and manage the Cyber Risk Register
  • Define internal security controls for monitoring and reviewing access and setup of various systems
  • Identify vulnerabilities in our network, and recommend and implement solutions
  • Develop, recommend, and implement a comprehensive plan to secure our network based on the NIST Cybersecurity Framework and Zero Trust Architecture
  • Monitor, respond to, prioritize, and resolve security-related audit findings
  • Coordinate internal or external tests or audits
  • Assist in vendor review and third-party oversight
  • Manage and create log collection and monitoring systems
  • Create or modify technology-related policies to adhere to regulatory requirements, industry frameworks, or best practices
  • Lead efforts to document and test incident response plans, disaster recovery and crisis management plans from an IT Security perspective, and report on results
  • Create standard operating procedures and technical system overview documents
  • Configure and report on vulnerability scans
  • Manage and design firewall infrastructure
  • Design Active Directory and Group Policy structure
  • Complete and monitor compliance against industry frameworks (FFIEC CAT, NIST, etc.)
  • Consult with other team members to ensure systems are secured, and assist with production troubleshooting where security may have an impact
  • Identify and implement social engineering and IT/cybersecurity training and testing for the entire enterprise, and monitor and report on results
  • Attend security-focused training, conferences, and webinars, and present to various stakeholders or team members on content or security best practices

Education

  • Bachelor’s degree in computer science or a related technology field

Required Skills and Experience

  • 5+ years of experience in information security, preferably in a cyber risk management capacity
  • Project management experience leading small and medium sized teams
  • Technical understanding and experience developing and implementing innovative techniques and solutions to deliver cost efficient security solutions
  • Hands-on experience in multiple security domains, such as firewall, network, VPN, encryption, code review, Windows/Unix security hardening, security framework & standards, and various protocols (e.g., TCP/IP, UDP, MPLS, SSL/TLS, SSH, HTTPS, FTP, RDP, ICA, BGP, LDAP, etc.)
  • Strong decision-making abilities, with a proven ability to weigh the relative costs and benefits of potential actions
  • Ability to effectively influence others to modify their opinions, plans, or behaviors
  • Ability to react to high-pressure, dynamically changing environments

Preferred Qualifications

  • Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Security Manager (CISM)

Contact us

Recruit with Nexus IT Group