Thought I'd pass this along for anyone not on the securityjobs mailing list.

---------- Forwarded message ----------
Date: Thu, 1 Apr 2004 14:46:01 -0500
From: Ryan Kurtz <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Chief Security Officer - Raleigh, NC

I'm looking for a candidate for the position of Corporate Security Officer in Raleigh, NC. This position is going to need to be filled quickly. I'm looking for someone who has great speaking skills, and can communicate effectively with other executives and subordinates. This will be a hands-on role and will require extensive knowledge. This position will require CISSP or related certifications along with previous executive level experience managing a mid-sized company. No phone calls or 3rd party vendors.

Thanks
[EMAIL PROTECTED]

Job Title: Corporate Security Officer
Date: 3/17/04
Department: Information Systems
Location: Corporate
Reports To: Chief Information Officer
FLSA Status: Exempt

Purpose:
Responsible for the definition and implementation of the corporate security function. Instrumental in defining security policies, standards and procedures protecting corporate assets as well as the hosted assets of our customers. Increase security awareness of company employees. Address customer security concerns and questions. Direct security investigations when necessary. Maintain corporate business continuity plans. To provide overall coordination and management of in-building system network operations.

Job Functions:
1. Develop, implement and maintain all corporate-level information security standards, procedures, and guidelines, including compliance monitoring procedures.
2. Develop a comprehensive program for planning, design, implementation and monitoring of security measures.
3. Coordinate, implement and maintain the Business Continuity and Disaster Recovery programs.
4. Contribute to customer RFP/RFI's as required.
5. Manage yearly audits and report results to management.
6. Recommend tools for the implementation of security best practices; work closely with systems, network, and application development personnel to ensure the integrity of information security procedures, systems and policies.
7. Manage regular reviews of access to all systems and platforms and develop risk-analysis and rating of all current and future systems and platforms.
8. Conduct direct vulnerability assessments and security reviews, investigate security violations and report policy violations to management.
9. Develops and coordinates remediation plans to address security vulnerabilities.
10. Develop and administer an effective corporate security awareness program.
11. Oversees the maintenance and update of incident response plans.
12. Develop and maintain budget associated with all security and business continuity related expenses.

The above responsibilities represent the major tasks assigned to incumbents in this job title. They are not intended to be an exhaustive list of all tasks. On occasion, incumbents may perform other related tasks.

Working Conditions and Physical Demands:
Works in normal office environment with minimal traveling required.

Qualifications:
1. Requires at least 10 years information security leadership experience, with a significant portion of that time establishing and leading comprehensive security programs in a large financial organization.
2. Prefer at least 7-10 years of financial experience.
3. CISSP and/or CISA certification required.
4. A degree in computer science or related field.
5. Extensive knowledge of Sarbanes-Oxley, GLBA and ISO17799.
6. Thorough knowledge and understanding of current information security and disaster recovery planning techniques and technologies.
7. Demonstrated ability to work with management and staff at various levels of the organization to implement sound security practices.
8. Extensive knowledge of networks, system, database and applications security.
9. Knowledge of secure software development.
10. Computer/network investigation skills and forensics knowledge.
11. Strong Project Management skills.
12. Strong analytical and risk assessment.
13. Strong written and oral communication skills.

--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
