Sr IT Security Assessment and Validation Analyst

This individual is responsible for the development and delivery of policies, procedures and technologies to ensure the systems are appropriately configured in compliance with policy and technical standards. The candidate will lead projects related to vulnerability and configuration management including assessments and validation efforts, threat management and penetration testing. This individual will ensure that compliance and validation activities are formally documented and effectively distributed. This individual will be responsible for collaborating with senior leaders to establish a validation program that will support continuous validation that controls are effectively implemented, reducing existing manual and error-prone approaches. This individual will act as a subject matter expert for TCCC, CCR, BIG, and the Bottlers.

RESPONSIBILITIES:

1. Provides subject matter expertise on information risk mitigation strategies in order to address early detection of systems/network security vulnerabilities, configuration management issues and process failures. This individual will develop and maintain a systems validation and threat vulnerability strategy and framework in coordination with subject matter experts from other areas including: Incident Management, Information Security, Information Assurance, BCP, Identity Management, Privacy, IT Audit. The program will be formally benchmarked against other companies that have a similar risk profile. This individual will coordinate with others to ensure that, as new technology and systems are adopted, there are controls in place to test the effectiveness of the mitigating controls.
2. Evaluate and implement technology and operations processes in order to perform validation tests ranging from large-scale vulnerability scanning and network security analysis to automated and manual penetration testing and Web/application security testing. In addition, this individual will perform proactive reviews of operating systems, databases, network devices, mobile devices, etc. in order to verify compliance with technical standards and to detect emerging threats. The candidate will analyse assessment results and provide results to system owners in a timely manner. The individual will collaborate with system owners to develop appropriate remediation plans based on risk, leveraging existing procedures/tools where possible, and track remediation efforts.
3. This individual will perform ongoing research on current and emerging vulnerabilities/exploits using publicly available, trusted resources. This individual will implement a communication plan to distribute this data to systems owners and third party vendors. As appropriate, plans to address these risks will be developed and tracked.
4. Establish a central repository for managing validation activities including issues, remediation activities and status. This data will be used to identify issues that are pervasive across the environment and that will benefit from a broader remediation effort. This database will be leveraged to provide real-time updates to executives and system managers regarding compliance/validation efforts and the ‘health of systems’.
5. Lead PCI-related assessments and strategy planning. Ensure that the company and third-party systems are in compliance with the Payment Card Industry standard in order to ensure annual certification. Act as a subject matter expert on the PCI DSS Standard. Work closely with Director of IT Risk Validation, TCCC, CCR, BIG, and the bottlers group to validate PCI compliance.
6. Serve as a backup to the Senior IT Security Assessment and Validation Analyst (regulatory)

QUALIFICATIONS:

• CISSP Required
• CISM, CISA, CCSA, CCSE Preferred
• Knowledge of networking technologies and protocols, including Ethernet, TCP and IP and IP routing. Understanding of Information Security Policy
• 5 – 8 years of experience with Security, Vulnerability and Compliance Scanning tools
• Demonstrated knowledge in information technologies to include computer hardware and software, operating systems, and networking protocols.
• 8 or more years of experience with Security Assessment and penetration tools such as Qualys, Core Impact, Nessus, Immunity Canvas, Webinspect.
• Excellent understanding of OSI model and IP networking
• Strong problem-solving, analytical, technical, and troubleshooting skills
• Strong verbal and written communication skills
• Strong information technology and/or information security skills
• Demonstrated experience in PCI compliance and assessment scoring.
• Ability to work independently and productively under pressure
• Experienced in the following technologies: Cisco ASA firewalls, Cisco VPN concentrators and Cisco AnyConnect VPN Client, Cisco IDS, RSA Adaptive Authentication, Tipping Point IPS, Threat Management System Technology (such as RSA Envision and RSA Netwitness, Encase, +++, RSA Archer SmartSuite Framework, Knowledge of Symantec SEP, RSA Two-Factor Authentication, Tipping Point and Sourcefire IPS).
• Experience in internal processes in working with MSSPs and other externally managed security services.
• Threat Intelligence gathering whether internally or externally through services such as Cyveillance and ISight Partners.
• Ability to write SQL queries in order to create data feed integration points between security tools for log correlation, analysis, troubleshooting and system integration.
• Experience in auditing firewalls using tools such as Skybox, RedSeal, and Tufin.

Honesty and integrity have always been cornerstone values of The Coca-Cola Company. Our passion for people of integrity mirrors our spirited drive for total quality in our brands. These and other elements allow the company to sustain strategic practices and drive business performance. The Personnel Integrity Assurance Program is another step toward making The Coca-Cola Company the premier workplace.

This process includes a pre-employment background investigation that applies to all applicants, employees and contractors of the company. The scope of this inquiry may cover such elements as education, employment history, a criminal history check, reference checks and a pre-employment drug screen.

Designated countries or sensitive positions within the company may have more stringent standards.

At The Coca-Cola Company you can cultivate your career in a challenging and dynamic environment. We are the largest manufacturer and distributor of nonalcoholic drinks in the world, selling more than 1 billion drinks a day. Unlock your full potential with a future-focused company that is known and respected throughout the world.