Lead-Information Security Job Description
Lead-Information Security Duties & Responsibilities
To write an effective lead-information security job description, begin by listing detailed duties, responsibilities and expectations. We have included lead-information security job description templates that you can modify and use.
Sample responsibilities for this position include:
Lead-Information Security Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Lead-Information Security
List any licenses or certifications required by the position: CISSP, CISM, CISA, IAM, CCNA, GSLC, CASP, III, IAT, ISO
Education for Lead-Information Security
Typically a job would require a certain level of education.
Employers hiring for the lead-information security job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Engineering, Education, Information Technology, Information Systems, Technical, Technology, Business, Computer Engineering
Skills for Lead-Information Security
Desired skills for lead-information security include:
Desired experience for lead-information security includes:
Lead-Information Security Examples
Lead-Information Security Job Description
- Provide protection and sustainment of the IA/Cyber requirements for system and information availability, authorization, authentication, integrity, confidentiality and non-repudiation
- Provide subject matter expertise on IA/Cyber controls and implementation requirements
- Maintain accreditation baselines of information systems in accordance with accreditation decisions and ensure compliance with DoD information system security procedures and practices
- Ensure that information systems under their cognizance are operated, managed, secured, and in accordance with (IAW) internal security policies and procedures
- Prepare, maintain, and orally present plans and system-specific security guidance regarding the technical security controls implemented in the information system
- Review and evaluate the security impact of change to the network (e.g., Engineering Change Requests, Change Control Board)
- Review audit records, report deviation of security practices, and report security incidents IAW site-specific requirements for reporting computer security incidents and violations
- Work collaboratively with stakeholders within the line of business and the corporate organization
- Conduct training sessions for functional and business teams on SAP/GRC AC suite
- Supporting the governance processes post migration including testing, enforcing data integrity, reporting and training
- Must meet DoD 8570.01-M, or successor/DoD 8140.01 baseline certification requirements
- Experience in executing leadership and managerial duties
- Experience in the oversight and execution of the Assessment & Authorization processes (a.k.a
- Experience in the oversight and execution of a continuous monitoring/improvement program (to include but not limited to self-inspections, security control assessments, training, log management systems, automated inventory utilities)
- Experience successfully and respectfully interfacing with internal and external customers
- Secret clearance and access
Lead-Information Security Job Description
- Develop, modify and follow associated corporate and workgroup processes applicable to the role
- Contributes towards the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations, such as PCI DSS, HIPAA, ISO 27001
- Researches and obtains information on best practices and state-of-the-art innovations in regard to security architecture
- Ensures the McC plan protects all teaching, research and administrative data assets and encompasses the School’s entire universe of departments, programs
- Detect, investigate and respondto information security alerts and incidents
- Proactively and iteratively search through datasets to detect and respond to threats and anomalies
- Produce actionable root cause analysisof security incidents and recommend actionable solutions to reduce the likelihood of re-occurrence
- Identify network, systems and application vulnerabilitiesand perform security assessments using automated tools
- Work with technology support teams and vendors to implement, maintain and optimize Information Security systems that include various endpoint and network logging, monitoring, and prevention systems
- Implement indicators and metrics to maintain the effectiveness of security processes and controls
- Superior analytical skills and a deep understanding of the overall context of business processes and IS technologies
- Superior experience in leading IS people who do not report directly
- Superior experience in identifying and resolving issues between team members or other teams
- Superior experience to translate business requirements into IS capabilities and solutions
- Excellent experience in objectively evaluating IS solutions and making recommendations
- Excellent experience in project planning and execution economic aspects of system management and life cycle
Lead-Information Security Job Description
- Policy, Plans and Procedures
- Cybersecurity Reporting
- Cybersecurity Engineering/Architecture
- Provide project management for the implementation of Cybersecurity capabilities
- Contributing to formal security reviews of proposed software designs, controls, and test plans, and applying System-Theoretic Process Analysis (STPA) and STPA-derived methods
- Assisting in incident response and analysis
- Analyzing and articulating risks to Internet infrastructure
- Advising engineers in the development of safer and more defensible software
- Proposing new ways to find and/or prevent flaws in Internet-connected software and systems
- Guiding and leading other Architects toward excellence in the above activities
- Experience with Sarbanes-Oxley Act (SOX) and ISO 27000/IEC compliance
- Bachelor's degree in Information Technology or related field (e.g., General Engineering, Computer Engineering, Computer Science, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cyber Security, Information Assurance, Information Security, or Information Systems) AND a minimum of eight (8) years relevant work experience
- In lieu of a degree, a minimum of twelve (12) years relevant work experience
- Experience with application of the ISO/IEC 27000 series and the Sarbanes-Oxley Act to information security management
- Experience with configuring, maintaining, and architecting business critical information security technology
- Must understand State and Federal security compliance laws
Lead-Information Security Job Description
- Web Application Firewalls and XML Gateways
- Self-manage security-related projects and initiatives
- Serves as Chairperson of Project Security Advisory Committee
- Reports directly to the Project Manager on all matters related to Security and Confidentiality for the Project
- Responsible for ensuring the Disaster Prevention / Disaster Recovery and Business Resumption Plans are developed, maintained and validated for the Project
- Responsible for reviewing all potential or actual security and / or confidentiality breaches and conducting Risk Assessment and Analysis to develop appropriate Risk Mitigation Plans
- Responsible for preparing and submitting for Project Manager approval all required notifications of suspected or actual breach of protection of beneficiary or confidential information or data
- Serves as the primary liaison with the Cabinet for Health and Family Services Information Security Officer on matters related to Security and Confidentiality
- Responsible for coordinating with the Corporate Information Security Officer the incorporation of Corporate Security Policies and Procedures changes or additions into Project Security and Confidentiality Policies and Procedures
- Responsible for the review and approval of all contract deliverables related to Security and Confidentiality for the Project
- Bachelor’s Degree or higher in computer engineering or in a field related to the computer engineering or computer science disciplines plus 7 years Security Engineering experience
- Bachelor's degree (in field mathematics, telecommunications, electrical engineering, computer engineering, computer science) or equivalent six to ten years’ experience with information security
- Bachelor's degree in Information Technologies, Business Administrative, Audit, Accounting, or Finance required
- Three to five years of related work experience in SOX, Audit, Compliance, Regulations with some Big 4 public accounting and/or Aerospace and Defense and/or Department of Defense (DoD) experience preferred
- 8-10 years of experience in the information technology field, which should include at least 8 years of information security systems data analysis and data management experience
- Successful candidate must be innovative and team oriented
Lead-Information Security Job Description
- Maintain Infosec procedures and report on deployed devices according to the standard build
- Provide cross-training for Ops teams and SOC so that standard performance monitoring and fault management can occur
- Participate in cross-functional project teams along with individuals from IT, Architecture and Development to design and implement security solutions as prioritized by management
- Advise, recommend, and report on risk assessment for site compliance/safety gates for review by Risk Management team prior to implementation
- Maintain adequate compliance documentation presentable for external and internal audits
- Excellent understanding of network and technical security controls required
- Strong IT / IT Security / Architecture background
- Cloud Technology and Security experience desired
- Good understanding of application security
- CISSP certification (or GIAC Gold or Platinum) desired
- Supporting and educating the Product Owner, especially with respect to grooming and maintaining the product backlog- Work cross functionally to align strategy, methodology and execution
- Establish team level cadence and drive team level ceremonies sprint planning, team retrospectives, backlog grooming, in alignment with Program level cadences established
- Supporting the team in documenting the User stories and prioritizing (with Product owner's alignment) in Rally tool
- Willingness to step in and play the technical SA role when needed
- 7+ years of relevant experience as IT PM and/or Agile practitioner
- First level Scrum Master certification CSM, PSM I Preferred - Second level Scrum Master certification CSP, PSM II - PMP certification