Reference #: d56ccecd-0695-4167-bcc8-65f9597d3b02Description

　　The Lead Information Security Specialist is responsible for maintaining an enterprise information and systems security stance through policy, architecture and training processes. Monitoring, evaluating, and maintaining systems, procedures and policies to protect the data systems and databases from unauthorized users. Leading Information Security projects and critical initiatives. Leading collaboration with IT architects and engineers to design and implement security controls. Identifying potential threats and vulnerabilities related to information systems. Determining causes of security violations and recommends corrective actions to ensure data security. Assisting in communicating security procedures to users. Supporting compliance audit and vendor management initiatives. Promoting information security education and awareness. Providing leadership and working as part of a team. Working with on-premise and cloud based technologyEssential Functions* Project management* Track and report information security key performance indicators (KPIs)* Design, implement, and monitor security measures for the protection of computer systems, networks, and information* Identify and define computer system security requirements* Collaborate with IT architects and engineers to design and implement security controls* Prepare and document standard operating procedures and protocols* Develop technical solutions and security tools to help mitigate security vulnerabilities and automating repeatable tasks* Configure and troubleshoot security infrastructure devices* Write comprehensive reports related to the enhancement of computer systems, networks, and information security* Act as lead security technical adviser or analyst for initiatives to evaluate new technologies for program conformance* Test solutions effectively utilizing industry standard analysis criteria involving delivery of technical reports and formal papers on test findings* Conduct periodic infrastructure scans, penetration tests, simulations to expose weaknesses, etc. Analyzing and reporting resulting findings with recommendations to minimize risks* Manage technical information security projects and initiatives* Aid in the assessment and control of 3rd and 4th party vendor risk

　　Additional Essential Functions* Ensure compliance with Northwest's policies and procedures, and Federal/State regulations* Navigate Microsoft Office Software, computer applications, and software specific to the department in order to maximize technology tools and gain efficiency* Work as part of a team* Work with on-site equipment

　　Additional Responsibilities* Perform other duties as assigned

　　Safety and Health for those without supervisory duties* Abide by the rules of the safety and loss prevention program* Perform work tasks in a safe manner* Report any and all injuries to supervisor* Know what to do in case of an emergency

　　QUALIFICATIONSTo perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

　　EducationBachelor's Degree in related field Or(5) or more years of experience or an equivalent combination of education and related work experience

　　Work Experience6 - 8 years Demonstrated work experience as a system, network, or information security engineer6 - 8 years Hands-on designing, implementing, or administering technical security controls including firewalls, IDS/IPS systems, anti-malware, authentication systems, SIEM log management, content filtering, behavioral analytics, network monitoring, public key infrastructure6 - 8 years Building and maintaining information security systems and frameworks6 - 8 years De igning database, network, telephony, and operating system security architecture6 - 8 years Understanding of the latest security principles, techniques, and protocols6 - 8 years Understanding of cloud and web-related technologies (web applications, web services, service-oriented architectures) and of network/web-related protocols6 - 8 years Configuring authentication mechanisms, system logging, group policy objects6 - 8 years Supporting IT audit functions6 - 8 years Performing digital forensics and related investigations6 - 8 years Technical project management

　　General Employee Knowledge, Skills, and Abilities* Ability to establish effective working relationships among team members and participate in solving problems and making decisions* Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written* Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information* Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information* Ability to make right decisions based on perceptive and analytical processes, practicing good judgment in gray areas

　　Additional Knowledge, Skills and AbilitiesKnowledge within various layers of the OSI Reference ModelKnowledge of TCP/IP communications ports and protocolsProblem solving skills and ability to work under pressureOrganization and documentation skills

　　Licenses and CertificationsCISP ISC2 - Certified Information Systems Security Professional (CISSP) Within 1 year

　　Certification from an industry recognized professional organization Upon Hire Qualifications

　　Licenses & CertificationsCERT IS SECURITY (preferred)

　　The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

　　Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities