Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications


Thomas K. Lee, Executive Director/CIO
Human Resources Department (518)

Information Security Officer (# 1773)
Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141)

The New York State Teachers Retirement System (NYSTRS) is the second-largest public retirement system in the state and one of the 10 largest public systems in the nation. The System administers a defined benefit plan that provides retirement, disability and death benefits to eligible New York State public school teachers and administrators. Our active and retired membership exceeds 426,000 and annual pension payments are in excess of $6.0 billion.

NYSTRS is not part of the Executive Branch of the State and, therefore, does not come under the State Budget. However, the majority of our positions are classified by the New York State Civil Service Department, thereby requiring appointments to be made in accordance with the Civil Service Law and providing NYSTRS employees the ability to transfer to State Agencies and to take State promotional exams.

Summary of Duties

The job duties include, but are not limited to the following: Under the direction of the Director of Risk Management, directs and manages NYSTRS' information security and compliance program; manages and coordinates the resolution of security threats to NYSTRS' information systems; serves as an information security expert; confirms systems and contract alignment with NYSTRS' information security policies; and monitors information security industry trends, tools and techniques. Works cooperatively with NYSTRS' information security administration and operations teams.

Minimum Qualifications

Bachelor's degree
Five years of information technology experience, including three years of information security or information assurance experience to qualify at the SG-25 level.
Six years of information technology experience, including four years of information security or information assurance experience to qualify at the SG-27 level.
Must have a diverse security background including knowledge in at least three of the following areas: developing and implementing layered security architecture; internet protocols; firewalls; VPN technologies, anti-virus and spam technologies; risk and vulnerability assessments, compliance.

* The grade level assigned to the position is dependent upon the candidate's qualifications. The complexity of tasks assigned will be tailored to the grade level.

Preferred Skills/Expertise

Education:
Bachelor's Degree: BA or BS degree in Computer Science, Electrical Engineering, Computer Engineering, Information Systems, or related fields.
Master's Degree: (MA or MS) in the same fields of study to include Business Administration and Finance, or 30 + hours of graduate work.

Certification:
Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)

Experience: 3-5 years experience:
Developing incident response plans and leading information security response teams.
Conducting and/or coordinating technical security scanning, penetration testing including social engineering testing, application security testing, mobile device security analysis, and similar monitoring and validation techniques.
Implementing and managing information security technologies and measures such as firewalls, IDS/IPS, endpoint protection, encryption, access controls, network security, security architecture and design, secure software application design, etc.
Hands-on infrastructure experience, networking, risk management, and information security experience, as well as demonstrated understanding of Cyber security.
Conducting risk assessments and implementing appropriate prevention, detection, and response mechanisms.

Computer Skills:
Ability to adapt to rapidly changing technology and apply it to business needs.
Knowledge in the use and configuration of commonly used protocols.
Experience with hacker techniques and exploits.
Extensive training and experience in computer technology and networking with experience in enterprise networking infrastructure.
Some web experience including backend server, security, and SSL/TLS.
Expertise in IT development, integration, delivery and maintenance
Applied knowledge in one or more of the following areas: Platform Security, Data Security, Data Center and Cloud Computing Security, Network Security, Perimeter Security, Physical Security, Security Assessment Tools, Security Monitoring Tools, and Managed Security Services.
Applied knowledge in one or more of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
Advanced knowledge/proficiency with personal computers: MS Office

Knowledge of Information Security Management Frameworks: 3-5 years security assessment experience, including:
ISO/IEC family of standards for managing the security of information assets
NIST SP rev 1 (September 2012) Guide for Conducting Risk Assessments Information Security.

Regulatory Knowledge:
Knowledge of data privacy laws.

Other Skills & Abilities:
Excellent organizational, written and verbal communication skills
Strong leadership/team building skills
Strong project and people management skills
Ability to handle confidential and sensitive matters.
High degree of initiative and dependability
Willingness and ability to meet goals and deadlines
Commitment to providing exceptional customer service
Excellent interpersonal skills

Our Vision

To be the model for pension fund excellence and exceptional customer service.

How to Apply

You will find a link to the employment application on the NYSTRS website (NYSTRS.org > About Us > Employment Opportunities). Please note that resumes will not be accepted as a substitute, in whole or part, for a completed application. Inquiries regarding vacancy postings, minimum qualifications, or application procedures may be made by to You can reach us by phone at (518)

Our Commitment to Diversity

NYSTRS is committed to fostering an inclusive environment where diversity is valued and recognized as a source of strength and enrichment. We seek to attract talented people from a diverse range of backgrounds and cultures. NYSTRS is an equal opportunity employer.


More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

Balboa Park Online Collaborative San Diego, California May 2013

Balboa Park Online Collaborative San Diego, California May 2013 Balboa Park Online Collaborative San Diego, California May 2013 Senior Network Engineer Job Description Status: Full time, non- exempt Hours: 9:00 5:00 p.m., Tuesday Saturday or Sunday - Thursday Salary:

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

SENIOR SYSTEMS ANALYST

SENIOR SYSTEMS ANALYST CITY OF MONTEBELLO 109 DEFINITION Under general administrative direction of the City Administrator, provides advanced professional support to departments with very complex computer systems, programs and

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

INFORMATION TECHNOLOGY MANAGER Salary Range: 22 (Management Salary Schedule)

INFORMATION TECHNOLOGY MANAGER Salary Range: 22 (Management Salary Schedule) February 2013 CITY OF ROCKLIN INFORMATION TECHNOLOGY MANAGER Salary Range: 22 (Management Salary Schedule) DEFINITION Under general direction, to plan, organize, manage, and supervise the efforts of the

More information

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions

More information

CIP R3 Vulnerability Assessments Compliance Workshop October 27, Carl Bench Compliance Auditor, Cyber Security

CIP R3 Vulnerability Assessments Compliance Workshop October 27, Carl Bench Compliance Auditor, Cyber Security CIP 010 2 R3 Vulnerability Assessments Compliance Workshop October 27, 2016 Carl Bench Compliance Auditor, Cyber Security 2 CIP 010 2 Purpose To prevent and detect unauthorized changes to BES Cyber Systems,

More information

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05. Cyber Risk Management Guidance. Purpose

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05. Cyber Risk Management Guidance. Purpose FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB 2014-05 Cyber Risk Management Guidance Purpose This advisory bulletin provides Federal Housing Finance Agency (FHFA) guidance on cyber risk management.

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security

Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the

More information

DISTRICT OF COLUMBIA RETIREMENT BOARD Position Vacancy Announcement

DISTRICT OF COLUMBIA RETIREMENT BOARD Position Vacancy Announcement *** Successful pre-employment criminal, financial, educational and certification background check required *** ABOUT THE D.C. RETIREMENT BOARD: DISTRICT OF COLUMBIA RETIREMENT BOARD Position Vacancy Announcement

More information

PCI DATA SECURITY STANDARD OVERVIEW

PCI DATA SECURITY STANDARD OVERVIEW PCI DATA SECURITY STANDARD OVERVIEW According to Visa, All members, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard. In order to be PCI compliant,

More information

JOB DESCRIPTION. Network Manager

JOB DESCRIPTION. Network Manager JOB SCRPTON Post epartment Reporting to Responsible for Network Manager T Support irector of T & Resources T nterprise Team Overall Purpose To be responsible for installing, configuring and supporting

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE

UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE UNDERSTANDING PCI 3.0 AND HOW TO REDUCE YOUR SCOPE April 30 th, 2014 Sean Mathena CISSP, CISA, QSA Trustwave Managing Consultant WELCOME AND AGENDA PCI-DSS 3.0 Review the high-level areas that have changed

More information

I n f o r m a t i o n S e c u r i t y

I n f o r m a t i o n S e c u r i t y We help organizations protect INFORMATION The BorderHawk Team has significant experience assessing, analyzing, and designing information protection programs especially in Critical Infrastructure environments.

More information

Checklist for Vulnerability Assessment

Checklist for Vulnerability Assessment Checklist for Vulnerability Assessment Implement processes to test for the presence of wireless access points (802.11), and detect and identify all authorized and unauthorized wireless access points on

More information

Security Transcends Technology

Security Transcends Technology INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com

More information

Library Systems Security: On Premises & Off Premises

Library Systems Security: On Premises & Off Premises Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information

More information

John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems

John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems AGENDA Who Am I? Breaking it down Why Do We Care Questions

More information

Database Security and Auditing

Database Security and Auditing Database Security and Auditing COURSE DESCRIPTION: This seminar aims to provide the Database Administrators, System Administrators, Auditors and IT Security Officers an overview on how to secure and audit

More information