The Security Administrator is responsible for the administration of the organisation’s information and data security policies and practices to ensure authorised users can readily access information and that the information is protected in terms of confidentiality, integrity and availability.
A Security Administrator is basically the point man/woman for cyber security systems. You will likely be responsible for installing, administering and troubleshooting your organization’s security solutions.
- Monitor and report on the performance of network, system and application security solutions to highlight areas of non-compliance and inform the development of improved practices and processes
- Manage the allocation of access privileges of users to ensure appropriate security settings are applied in accordance with organisation policies and application owner-defined parameters
- Assist with security breach investigations to guide the refinement of information security policies and practices
- Manage the periodic maintenance of security systems and applications to ensure new threats are identified and managed and the security of the organisation’s assets is maintained
- Maintain currency of knowledge regarding the information security environment and the range of options available to secure the organisation’s assets
- Assist with defining policies and procedures, and take responsibility for implementing technologies to ensure system security through secure system access, monitoring, control, and routine security evaluations.
- Design and lead the implementation of a SIEM environment, configuring appropriate alerts and managing appropriate responses.
- Design, review and assist in the implementation of user and system security policies.
- Design proper monitoring policies and procedures for firewall, anti-virus, IDS/IPS and SIEM logs.
- Monitor and advise on security software patches.
- Lead company-wide security audits.
- Work with management and the change control board to verify all security-related production modifications are properly approved.
- Ensure systems align with policies, standards, licensing agreements, configuration guidelines, and standard methodologies for maintaining regulatory compliance.
- Ensure secure user access and role validation processes.
- Provide user education on security policies and ensure alignment.
- Build required reports in response to business needs.
Requirements and skills
- Bachelor's degree from an accredited college or university in business management, information technology, computer science or related fields.
- Previous experience in a senior role with a depth and scope of duties mentioned above.
- Strong organizational skills and the ability to handle many tasks simultaneously in a high-pressure environment with rapidly changing priorities and deadlines.
- Work experience in training/facilitation or internal communications.
- Knowledge of international information security and privacy laws, industry standards (e.g., ISO 17799/27002, NIST Cyber Security Framework, EU Directive 95/46/EC), and FFIEC Examiners Handbooks surrounding Information Security.
- Excellent relationship management and liaison skills, strong orientation toward collaboration and communication, ability to earn trust and respect from a challenging customer base.
- Strong leadership, strategy and analysis skills.
- Strong verbal and written communications skills with the ability to communicate succinctly and to specific audiences including the ability to draft clear and concise employee and customer communications and executive summaries.
- Excellent customer service skills and attitude.
- At least one professional certification to include: CISSP, CISA, CISM, GSEC, GIAC, etc. or the ability to acquire within 6 months of hire.
- High degree of attention to detail.
- Ability to make sound decisions and analyze problems based on the information captured through risk assessments of the infrastructure and business.
- 5-7 years in the Information Security industry.
- BA/BS in Information Technology, Computer Science or related field.
- CISSP, CISM, CISA or equivalent certifications.
- Experience with security information and event management platforms.
- Experience with collecting, analyzing and interpreting data from various sources for building security incidents.
- Familiarity with ISO 27001, SOC 2 or NIST 800-53.
- Knowledge of HIPAA Security Rule and other Federal Technology laws.
- Vulnerability scanning, remediation, and mitigation experience.