United States of America
OT551: Otis Americas HDQ - Northpoint 5500 Village Boulevard, West Palm Beach, FL, 33407 USA
Otis, a United Technologies company, is the world leader in reliable, efficient and technologically advanced elevators, escalators and people-moving systems. Our revolutionary Gen2® elevators, energy-saving ReGen™ drives and NCE “green” escalator have clearly set the industry standard for innovation, safety and performance. More than 2.4 million Otis elevators and escalators are currently in operation throughout 200 different countries. We are proud to have a global team that continues to rise to the challenges of a fast-moving company. Together, the people of Otis are creating new ideas and opportunities by collaborating across time zones, geographies and cultures. So just imagine where we can take you!
Otis is seeking a motivated and customer-oriented Information System Security Officer (ISSO) to join our team in West Palm Beach, Florida, supporting our Americas region.
The regional ISSO will be responsible for evaluating, managing and maintaining the current information systems security and compliance functions for Otis Americas, ensuring proper controls are in place to meet or exceed company policy and government requirements, including but not limited to PCI DSS, and NIST, HIPAA, and ISO.
Additional responsibilities include but are not limited to:
Conduct periodic testing and reviews (attestation) to ensure compliance with system and administrative access controls
Participate in proposed solution architecture reviews and provide recommendations for ensuring compliance with all company and government cybersecurity requirements
Create, implement and communicate structured security operating procedures, audit processes and documentation
Consistently improve controlled identity management processes for joiners, movers, and leavers within the organization
Manage / assist with security and compliance related projects and initiatives
Coordinate and lead internal / external agency and customer compliance audits, ensuring that findings are communicated and remediated
Support / direct responses and follow up actions related to security incidents
Work with CISSO and peers to develop and implement training and awareness campaigns for employees and contract associates at all levels
Identify cost reduction and optimization opportunities, driving operational efficiencies that improve profitability while securing company resources
Analyze industry trends, making recommendations to further secure the environment and enhance customer productivity
Produce metrics showing controls effectiveness in comparison with UTC and industry best practices
Ensure annual business recovery plans are complete and appropriate disaster recovery plans exist, are maintained current, and are periodically tested as required
The ideal candidate will possess the following:
Demonstrated experience with network/firewall/VoIP controls, server/desktop controls, segregation of duties/change management, IT security operations management, Identity Access Management (IAM) integration, disaster recovery/business continuity planning, cloud computing security, eSOX compliance, SOC1/SSAE18/IS27001/PCI DSS compliance.
Demonstrated leadership and experience working with distributed teams to define and execute governance projects and ongoing compliance control activities
Experience with process improvement methodologies such as UTC ACE/Six Sigma desirable
Use and management of RSA Archer use cases a plus
Experience with media sanitization and destruction, PEDs, incident response, virus scanning, privileged user access, and hardware/software configuration management
Experience using security hardening, collection and assessment tools (e.g. SCAP Tool, Nessus, Rapid7, etc.)
Strong analytical, prioritizing, interpersonal, and problem-solving skills
Experience working with cloud environments such as Microsoft Azure
Excellent written, oral communication and presentation skills
Specific experience with compliance and security for a distributed and mobile field organization and associated technologies desirable
BA/BS degree in computer science or related fields, w/ 6-10+ years of experience
MA/MS degree in computer science or related fields, w/ 4-7+ years of experience
CISSP, CEH, or CompTIA Security+ certifications strongly desired
Travel Requirements 10% (may include international)