The IT Vulnerability Manager will build and manage a vulnerability security program for IT and the Company. The IT Manager will evaluate information systems, platforms and IT operating procedures in accordance with the company’s standards and best practices and create a vulnerability management program to keep the company secure.
Develop, in conjunction with IT leadership, Legal, HR and Audit, a policies and standards framework and a process to craft and maintain policies/standards
Work directly with Ecommerce team to develop a strong application vulnerability program
Produce metrics showing operational compliance with best practices
Manage and measure the IT Security Framework, vendor risk assessments and Security Awareness Program
Manage and maintain the PCI compliance standard and testing within the company
Track and ensure adequate and timely resolutions to all audit/review issues relating to security
Lead the delivery of security services and programs to the corporation and, in conjunction with Enterprise processes, develop success criteria and operational processes
Provide technical guidance on security/privacy policies and standard development
Develop and implement action plans to address security issues and enhance the security architecture
Assist with mapping dependencies/risks among people, processes and technologies.
Perform other duties as assigned.
Education and Experience:
Firewall engineering, intrusion detection systems, host based and network based vulnerability assessment tools, sniffers, TCP/IP protocol stack and the OSI layer, content management and filtering systems, VPN, web servers (IIS, Apache, WebSphere, etc.)
Strong experience with vulnerability management tools: Rapid7, IBM AppScan, Qualys, QRadar, Sumo Logic and similar technologies
Experience in application development methodologies in various languages, experience with project management life cycle and application architecture
Experience in cryptographic technologies and their applications in secure e-mail, general message and content security (for file and database protection), PGP, SSL, digital encryption, code signing, digital signature and digital rights management
Experience with data and meta-data management issues surrounding data definition, classification, modeling, integration, quality and usage
Experience creating role-based authorizations and access profiling
Strong analytical, prioritizing, interpersonal, problem-solving, presentation, budgeting, project management (from conception to completion) & planning skills
Bachelor’s degree and CISSP Certification preferred