Information Security Officer Network Administrator

I. Position Mission

The Information Security Officer and Network Administrator will apply a comprehensive knowledge of information technology security principles, practices and procedures to develop, implement, and manage the overall information security program, which includes procedures and policies designed to protect Circle Graphics communications, systems and assets from both internal and external threats. The ISO will ensure that the access control, disaster recovery, incident response, and risk management needs of the company are properly addressed, including assisting in the ongoing maintenance and support thereof.

II. Organizational Structure

Functional Area

Information Technology

Immediate Supervisor

Manager, IT Operations

Subordinates (functionally)

None

Other key interfaces (relationship)

IT Team

Human Resources

All employees as needed

Working Environment and Physical Demands

Typical office environment.  Requires prolonged sitting, some bending, stooping and stretching.  Requires eye-hand coordination and manual dexterity sufficient to operate a keyboard, photocopier, telephone, calculator and other office equipment.  Requires a normal range of hearing and vision to record, prepare and communicate appropriate reports and answer the phone.  Requires eyesight correctable to 20/20 to read numbers, reports and computer terminals. 

FLSA Status

This is a full-time position requiring consistent dependable attendance.  This is a FLSA exempt role, therefore not eligible for overtime.

III. Tasks description – Essential Duties and Responsibilities:

IT SECURITY MANAGEMENT: 34% of position responsibility

·        Provide technical leadership and internal expertise regarding information security. 

·        Research, provide recommendation, and maintain security systems designed to provide detection, prevention, containment, deterrence, and recovery mechanisms to maintain the confidentiality and security of Circle Graphics’ data.

·        Monitor emerging threats and vulnerabilities as provided by information security vendors, government agencies, and professional communities.

·        Develop and implement Information Security awareness and education initiatives for Circle Graphics’ employees.

COMPLIANCE: 33% of position responsibility

·        Facilitate SOC 2 Type 2 and PCI-DSS compliance audits on at least an annual basis, as defined by management.

·        Manage and enforce information security directives as required by management and industry security standards relating to SOC 2 Type 2 and PCI-DSS compliance.  Such directives include the development and maintenance of security related policies and procedures as well as operational and technical controls throughout the organization.

·        Evaluate compliance with information security policies, follow up on exceptions and non-conformities, conduct quarterly internal security audits, and report all related findings to upper management.

·        Attend annual security training classes and/or security certification programs. 

NETWORK ADMINISTRATION: 33% of position responsibility

·        Ensure that the access control, disaster recovery, incident response, and risk management needs of the company are properly addressed, including assisting in the ongoing maintenance and support thereof.

·        Coordinate internal and external communication including, issue-resolution, vendor relationships, risk assessments, testing plans, remediation plans, design reviews, security requirements analysis, and project management.

• Establishes network specifications by conferring with users; analyzing workflow, access, information, and security requirements; designing router administration, including interface configuration and routing protocols.
• Establishes network by evaluating network performance issues including availability, utilization, throughput, and latency; planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls.
• Maintains network performance by performing network monitoring and analysis, and performance tuning; troubleshooting network problems; escalating problems to vendor.
• Secures network by developing network access, monitoring, control, and evaluation; maintaining documentation.
• Prepares users by designing and conducting training programs; providing references and support.
• Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements.
• Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Protects organization's value by keeping information confidential.

IV. Additional Task and Responsibilities

·        Requires on-call coverage as defined by IT management. Emergency/unplanned coverage may be required.

V. Skills, Intellectual Demands and Job Requirements:

EDUCATION AND FORMAL TRAINING:

• Three to five years Network\System Administration required
• Minimum of 5 years IT related experience
• Bachelor’s degree in IT field preferred

KNOWLEDGE, SKILLS, AND ABILITY:

Demonstrate knowledge and experience with the following technologies, tools, and equipment: 

·        Sophos “Endpoint Security and Control,” “Exploit Prevention,” and “Mobile Control”

·        SolarWinds “Network Performance Monitor” and “Log and Event Manager”

·        Carbon Black “Protection”

·        NinitePro

·        Active Directory Group Policy

·        NTFS, Windows Share, and Linux permissions

·        Encryption (VPN, SSL/TLS, Application-Layer)

·        Network Access Control via Active Directory

·        Sonicwall Firewall and SonicPoint Configurations

·        Dell and Cisco Switch Configurations

·        IDS/IPS Configurations

·        RBAC provisioning and de-provisioning of users, workstations, and servers

INTELLECTUAL DEMANDS:

·        Must understand vague and implicit instructions, and react favorably in all work situations.

·        Must be approachable and responsive to a variety cross-functional teams and issues.

·        Must be able to resolve problems, handle conflict and make effective decisions under pressure. 

·        Must have a long attention span in order to listen to people, perceive the real problems and bring issues to a successful conclusion.

·        Ability to effectively present information and respond to questions from groups of production employees, peers, executives, and vendors.