Business Information Security Officer (Information Security Analyst Sr or Above)
Company Name:
TSYS
Title: Business Information Security Officer (Information Security Analyst Sr or Above)
Location: GA-Columbus
Other Locations:
Summary
The Business Information Security Office (BISO) is responsible for supporting the Business by providing security consulting and education, ensuring compliance with TSYS Information Security policies, conducting security assessments, providing security incident support, and reporting key Information Security metrics to the Business as applicable. This role provides an integral part of the security controls that TSYS uses to protect its data and intellectual property. The ideal candidate will have a well-balanced business and technical analytic background, with a thorough understanding and focus on Information Security topics.
Responsibilities
Embedded as a security officer within the business to provide security oversight and consulting related to Information Security programs, policies and standards
Provide consultative services to the business to raise awareness of information security standards, concerns, and interpretation and/or clarification of security policies. Engage appropriate Information Security SME as applicable.
Advise the business on Information Security practices and current, changing, and/or recommended Information Security requirements. Ensures alignment of Information Security program with business strategy.
Help the business ensure compliance to corporate Information Security policies through briefing sessions, security education programs, and other methods as appropriate
Prepare and deliver Information Security key metrics for reporting to the business
Conduct security assessments to ensure corporate/business and vendor systems have appropriate level of controls and comply with TSYS Corporate Security Policy and applicable security related compliance/regulation requirements. Perform on site assessments of vendor facilities.
Report and communicate observations of gaps and risk, providing the business with detailed risk descriptions to enable risk decision making. Work with remediation owners to ensure corrective action plans are developed and implemented. Review corrective action and approve closure by reviewing evidence to ensure the closure meets TSYS requirements or industry best practices.
Adjust security assessment methodology to ensure assessment adequately identifies associated risks
Conduct Information Security awareness and training activities, including Information Security education of new employees
Assist security incident response teams with investigation, resolution and closure of incidents, including lessons learned
Research and stay current on the latest trends, best practices, and technology developments
Core Skills
Ability to partner with and influence a variety of stakeholders to ensure security requirements are understood and met
Advanced risk analysis, problem solving, consulting skills and relationship management skills
Strong presentation, organizational, written and communication skills
Understanding of the Information Security risks that are inherent to the supported business.
Familiarity with Information Security frameworks and standards (i.e. CIS, NIST, ITIL)
Experience with conducting and analyzing security risk assessments
Ability to interpret and apply policies, standards and procedures.
Education/Experience
Four year college degree and 4 or more years professional experienceor6 or more years professional experience is required. Requires a strong technical background in various information security and related products and concepts including, but not limited to, mainframe products like ACF2, PC-based Windows applications, LAN/WAN operating systems (NT and NOVELL), Internet/Intranet (firewalls, WEB sites, and browsers), virus controls, AS/400, and Tandem. Professional certification(s) preferred. Extensive customer relation experience and customer Help Desk experience preferred.
Risk & Compliance
Organization: Total System Services, Inc.Estimated Salary: $20 to $28 per hour based on qualifications.
TSYS
Title: Business Information Security Officer (Information Security Analyst Sr or Above)
Location: GA-Columbus
Other Locations:
Summary
The Business Information Security Office (BISO) is responsible for supporting the Business by providing security consulting and education, ensuring compliance with TSYS Information Security policies, conducting security assessments, providing security incident support, and reporting key Information Security metrics to the Business as applicable. This role provides an integral part of the security controls that TSYS uses to protect its data and intellectual property. The ideal candidate will have a well-balanced business and technical analytic background, with a thorough understanding and focus on Information Security topics.
Responsibilities
Embedded as a security officer within the business to provide security oversight and consulting related to Information Security programs, policies and standards
Provide consultative services to the business to raise awareness of information security standards, concerns, and interpretation and/or clarification of security policies. Engage appropriate Information Security SME as applicable.
Advise the business on Information Security practices and current, changing, and/or recommended Information Security requirements. Ensures alignment of Information Security program with business strategy.
Help the business ensure compliance to corporate Information Security policies through briefing sessions, security education programs, and other methods as appropriate
Prepare and deliver Information Security key metrics for reporting to the business
Conduct security assessments to ensure corporate/business and vendor systems have appropriate level of controls and comply with TSYS Corporate Security Policy and applicable security related compliance/regulation requirements. Perform on site assessments of vendor facilities.
Report and communicate observations of gaps and risk, providing the business with detailed risk descriptions to enable risk decision making. Work with remediation owners to ensure corrective action plans are developed and implemented. Review corrective action and approve closure by reviewing evidence to ensure the closure meets TSYS requirements or industry best practices.
Adjust security assessment methodology to ensure assessment adequately identifies associated risks
Conduct Information Security awareness and training activities, including Information Security education of new employees
Assist security incident response teams with investigation, resolution and closure of incidents, including lessons learned
Research and stay current on the latest trends, best practices, and technology developments
Core Skills
Ability to partner with and influence a variety of stakeholders to ensure security requirements are understood and met
Advanced risk analysis, problem solving, consulting skills and relationship management skills
Strong presentation, organizational, written and communication skills
Understanding of the Information Security risks that are inherent to the supported business.
Familiarity with Information Security frameworks and standards (i.e. CIS, NIST, ITIL)
Experience with conducting and analyzing security risk assessments
Ability to interpret and apply policies, standards and procedures.
Education/Experience
Four year college degree and 4 or more years professional experienceor6 or more years professional experience is required. Requires a strong technical background in various information security and related products and concepts including, but not limited to, mainframe products like ACF2, PC-based Windows applications, LAN/WAN operating systems (NT and NOVELL), Internet/Intranet (firewalls, WEB sites, and browsers), virus controls, AS/400, and Tandem. Professional certification(s) preferred. Extensive customer relation experience and customer Help Desk experience preferred.
Risk & Compliance
Organization: Total System Services, Inc.Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
