The Information Cybersecurity Specialist will provide security and risk management services by performing risk identification, assessment and remediation as well as regulatory and internal compliance monitoring using standards and processes as required to adequately protect personnel, facilities, infrastructure, information and business operations from criminal intrusion. Recognizes problems by identifying abnormalities and reports violations. Completes tasks designed to ensure security of the organization’s systems and information assets. Protects against unauthorized access, modification or destruction of information and tracks compliance throughout the organization. Establishes and maintains effective working relationships with end users, vendors and managers to facilitate identification and resolution of hardware and software related security problems. Recommends security improvements by assessing current situation, evaluating trends and anticipating requirements. Maintains and updates malware end-point protection software; mitigates vulnerabilities as identified.
- Provide excellent customer service to users using good communication skills in a sympathetic manner.
- Interact extensively with internal or external customers.
- Critically understand company’s operations and systems.
- Provide security expertise to the company to ensure compliance with regulations.
- Plan, create, implement and maintain security program documentation.
- Conduct vulnerability assessments and carry out penetration tests.
- Develop and track security metrics for security events and incidents.
- Define security requirements and review systems to determine if they have been designed to comply with established security standards.
- Independently identify, assess and document system security deficiencies and recommend solutions.
- Perform system risk assessments, evaluation of products and review SaaS based services to assess/address risk.
- Monitor various security tools to identify potential incidents, network intrusions, malware events, etc., to ensure that the confidentiality, integrity and availability of Ashford/Remington information systems are protected.
- Review and analyze log files to report any unusual or suspect activities.
- Follow established incident response procedures to ensure proper escalation, analysis and resolution of security incidents.
- Work with the Training department to maintain and update the security awareness training program.
- Work with IT Operations to ensure cybersecurity threats are properly identified, analyzed, communicated, addressed and/or defended, investigated and reported to management.
- Participate in investigations into any alleged computer or network security compromises, incidents or problems; recommend corrective actions.
- Assess vendors’ security controls to ensure new and existing vendors adequately protect customer information (NPI).
- Stay up to date with relevant security information and best practices through membership in special interest groups or professional forums.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Coordinate with network engineering, business application and database administration functions to implement desktop and server systems that utilize industry best practices to meet corporate objectives.
- Other duties as assigned.
- Bachelor’s degree in a related field preferred. Related work experience may substitute for some years of education.
- One or more certificates (CISA, CISSP, etc.) preferred.
- Minimum 5+ years of system administration experience.
- 1+ year PowerShell/Scripting.
- 2+ years of experience in the Information Security or Cybersecurity industries.
- Knowledge of security standards and groups such as NIST, OWASP, ISO 27001/27002.
- Experience in supporting network firewalls and proxy servers.
- Familiar with administration of Routers, Firewalls and Switching technology.
- Knowledge of TCP/IP and related data network protocols.
- Knowledge of standard network protocols such as TCP, ARP, ICMP, DHCP, HTTP, SNMP, etc., and advanced features like IPsec and IPv6-related protocols, along with accompanying protocol analysis tools.
- Experience with the design and configuration of a network DMZ.
- Knowledge of security and risk frameworks including NIST, SANS, ISO, CoBIT.
- Knowledge of data retention strategies and policies related to personally identifiable information and other regulatory requirements.
- Strong technical knowledge of Windows Server 2003 – 2012 R2 including Active Directory, DHCP, DNS, load balancing, DFS, RADIUS and ADFS.
- Working knowledge of local area network administration including protocols and standards, switching, routing and firewall configuration.
- Experience in computer security combined with risk analysis, audit, and compliance.
- Hands-on software and hardware troubleshooting experience.
- Knowledge of patch management, firewalls and intrusion detection/prevention systems.
- Familiarity with public key infrastructure (PKI) and cryptographic protocols (SSL/TLS).
- Ability to conduct research into hardware and software issues and products as required.
- Comply with all written and stated company ethics and safety policies and procedures.
- Report all unsafe and unethical violations to immediate supervisor or Human Resources.
- Employee has to be self-motivated and a self-starter. Direction provided will be mid-level and focused on the tasks and projects to be worked on with defined deadlines that must be met.
- Able to express technical and non-technical concepts clearly to broad audiences.
- Excellent communication skills (written and verbal) to document complex concepts in a comprehensive manner.
- Proven experience in large, complex enterprise-wide initiatives.
- Proven analytical and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Skilled at working within a team-oriented, collaborative environment.
- Ability to communicate with immediate supervisor and other team members in order to receive/direct all work instructions and express any questions or concerns as required.
- Ability to work well in a fast-paced professional office environment.
- Strong interpersonal and oral communication skills.
- Adept at reading, writing and interpreting technical documentation and procedure manuals.
- Ability to present ideas and solutions in user-friendly language.
- Keen attention to detail.
: United States-Texas-Dallas-Remington Corporate
14185 Dallas Parkway Suite 1150
: Information Systems
: Remington Corporate
: Day Job