Sirius Computer Solutions Application Administrator in San Antonio, Texas

Position Summary:

The primary purpose of this position is to provide Information Security expertise and guidance, and lead efforts to ensure that the appropriate security programs are implemented and followed. This position will also provide recommendations based on audits and assessments to ensure compliance and mitigate risk, and will proactively identify areas where information theft is possible and provide solutions for mitigation. This position will also provide security solutions for compliance or areas of concern to the business.

Primary Duties & Responsibilities

  • Develops and leads corporate security awareness program

  • Coordinates, documents, and implements corporate security certification and compliance efforts

  • Coordinates business continuity, including scheduling and leading annual DR tests and all planning and documentation efforts

  • Oversees and leads corporate crisis communication efforts

  • Develops and maintains security policies, processes, and procedures

  • Provides guidance and input on compliance oversight in areas including PCI, HIPAA, export controls, etc.

  • Integrates security governance into corporate IT governance

  • Develops and maintains policies and procedures to address security questionnaires

  • Leads efforts for client questionnaire responses, ensuring responses are provided in a timely manner and with supporting documentation

  • Configures, supports, and evaluates security tools

  • Reviews IT Initiatives and architectural designs to evaluate compliance to applicable security standards

  • Conducts security audits and incident investigations, and provides recommendations to mitigate risks

  • Reviews, modifies, and integrates security with disaster recovery and business continuity plans and ensures representation of security in change management process

  • Develops and maintains remote access policies

  • Maintains and conducts tests against a Security Incident Response Plan

  • Performs vulnerability assessments against systems and network devices and provides recommendations for remediation based upon the results

  • Interacts and provides consultation to senior management regarding acceptable IT security practices

  • Performs security assessments, creates gap analysis and develops a road map to continually improve enterprise security

  • Develops information security training for employees regarding policy and procedures that help to minimize disruption and risk to the business

  • Establishes metrics and KPIs to evaluate the high-level health of our security across the enterprise

  • Leverages ITIL fundamentals to provide guidance and oversight for change management processes

  • All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.

  • Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.

Position Requirements

Basic Qualifications

  • Bachelor’s degree in Information Technology, Business Information Technology, or related field

  • At least five (5) years IT experience, to include experience with Windows server operating systems, Linux/UNIX operating systems, and Security Compliance and Auditing

Other Position Requirements

  • Demonstrated knowledge of common protocols such as SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, Kerberos, RADIUS, SSH, Telnet, RDP, SCP, SFTP and FTP

  • Demonstrated knowledge of MDM policies

  • Demonstrated knowledge of encryption types and practical uses

  • Demonstrated experience in answering RFQ or RFI from customers or business units

  • Demonstrated experience with web application vulnerability scanning tools such as IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro or similar

  • Familiarity with forensic tools such as EnCase, FTK, or Helix

  • Demonstrated experience in the use of security tools such as nmap or Wireshark

  • Demonstrated experience in Risk Assessments

  • Demonstrated experience with ITSM/ITIL best practices implementation

Preferred Qualifications:

  • Experience implementing security controls for Software Development Lifecycle (SDLC)

  • Experience with various server OS platforms: Microsoft, Red Hat, CentOS

  • 2 years' experience in a large enterprise with a retail or sales-based company

  • 5 years' auditing experience

  • CISSP, CCSP, CISA, or GIAC certifications

  • ITIL certification

Essential Functions

Travel will be required to perform audits and investigations, or as required by the above functions

The above primary duties, responsibilities, and position requirements are not all-inclusive.