Friday, August 07, 2015
Director - IT Security - Hanger - Austin
Job description
Designs, implements, and maintains security measures to support the information and data security needs of Hanger Inc. and its related companies. Actively participates in and oversees Hanger’s Sarbanes-Oxley (SOX), HIPAA and PCI compliance programs as they relate to information security.
Evaluates and assesses the current state of information security programs at Hanger and develops the future-state security roadmap as it relates to SOX, PCI and HIPAA compliance.
Establishes and maintains a set of information security-centric procedures that complement the day-to-day activities of IT Operations, such as daily monitoring and auditing of wide area network devices and servers, firewall and VPN configuration, work station configuration, backup and recovery procedures, and incident reporting and handling.
Defines security frameworks for existing and new systems and develops cutting-edge, innovative solutions for IT network security.
Communicates risk assessment results and sells solutions to SLT and Board as it relates to information security.
Provides system security planning, development, and implementation of security policies across multiple platforms
Establishes and documents policies related to information security, SOX, HIPAA and PCI requirements
Installs and configures software related to information security and encryption
Coordinates the resolution of security incidents and violations
Consults with application development team to build security into applications and databases.
Provides consultation and support in security management, architecture standards and documentation, and changes/enhancements to security configurations
Defines processes to manage network and application security as well as prevent the proliferation of viruses and hacker intrusion
Conducts penetration tests and periodic reviews of the IT network devices’ configuration to discover and resolve any vulnerabilities in information systems.
Determines version currency and identifies and mitigates potential weaknesses to prevent unauthorized access or disruptions to the Company’s network and computing services.
Act as the primary contact and coordinator of the IT security audits initiated by the Company’s clients and partners, including IT’s responses to audit questionnaires.
Research, recommend and implement new technologies and processes that enhance the information security capability of IT and the Company as a whole
Establish information security guidelines to be used during software design and perform security assessments, as necessary, of pre-production software before being released to production.
Minimum 10 years of experience in information security management and administration as well as in technical information security within a distributive business model
Experience with implementing information security roadmaps and best practices as it relates to HIPAA, SOX and PCI compliance
Hands-on experience in physical security, technical security countermeasures, risk management, contingency planning, and data communications networking
Excellent written and verbal communication skills and interpersonal collaborative skills to be able to communicate security and risk-related concepts to technical and non-technical audiences
Demonstrated knowledge of a Microsoft Windows environment (XP, Active Directory, Exchange, SQL)
Experience in IP networking and remote infrastructure (WAN, LAN, frame relay, DSL, VPN, Citrix, wireless)
Experience with various security monitoring tools (Ecora, encryption software like PGP, NESSUS/NMAP, etc.)
Proven project management experience and effective organization skills
Demonstrated success in working cross-functionally and collaboratively
Experience preparing executive management-level documentation and communication
Experience in managing disaster recovery functions for information systems
Bachelor’s degree in Computer Science or related field
Strong oral and written communication skills required
Strong customer service skills
Certifications such as CISSP, CISA, CISM, CRISC, CGEIT, ISO27001 desired.