[TriLUG] Chief Security Officer - Raleigh, NC (fwd)

Josh Blomberg josh at ao.net
Fri Apr 2 08:19:04 EST 2004


Thought I'd pass this along for anyone not on the securityjobs mailing
list.

---------- Forwarded message ----------
Date: Thu, 1 Apr 2004 14:46:01 -0500
From: Ryan Kurtz <Ryan.Kurtz at us.Randstad.com>
To: "'securityjobs at securityfocus.com'" <securityjobs at securityfocus.com>
Subject: Chief Security Officer - Raleigh, NC

I'm looking for a candidate for the position of Corporate Security Officer
in Raleigh, NC. This position is going to need to be filled quickly.   I'm
looking for someone who has great speaking skills, and can communicate
effectively with other executives and subordinates.  This will be a hands-on
role and will require extensive knowledge.  This position will require CISSP
or related certifications along with previous executive level experience
managing a mid-sized company. No phone calls or 3rd party vendors. Thanks

ryan.kurtz at us.randstad.com

Job Title:	Corporate Security Officer	Date:  	3/17/04

Department:	Information Systems	Location:  	Corporate

Reports To:	Chief Information Officer	FLSA Status: 	Exempt

Purpose: Responsible for the definition and implementation of the corporate
security function. Instrumental in defining security policies, standards and
procedures protecting corporate assets as well as the hosted assets of our
customers. Increase security awareness of company employees. Address
customer security concerns and questions. Direct security investigations
when necessary. Maintain corporate business continuity plans. To provide
overall coordination and management of in-building system network
operations.

Job Functions:
1.	Develop, implement and maintain all corporate-level information
security standards, procedures, and guidelines, including compliance
monitoring procedures.
2.	Develop a comprehensive program for planning, design, implementation
and monitoring of security measures.
3.	Coordinate, implement and maintain the Business Continuity and
Disaster Recovery programs.
4.	Contribute to customer RFP/RFI's as required.
5.	Manage yearly audits and report results to management.
6.	Recommend tools for the implementation of security best practices;
work closely with systems, network, and application development personnel to
ensure the integrity of information security procedures, systems and
policies.
7.	Manage regular reviews of access to all systems and platforms and
develop risk-analysis and rating of all current and future systems and
platforms.
8.	Conduct direct vulnerability assessments and security reviews,
investigate security violations and report policy violations to management.
9.	Develop and coordinate remediation plans to address security
vulnerabilities.
10.	Develop and administer an effective corporate security awareness
program.
11.	Oversee the maintenance and update of incident response plans.
12.	Develop and maintain budget associated with all security and
business continuity related expenses.

The above responsibilities represent the major tasks assigned to incumbents
in this job title.  They are not intended to be an exhaustive list of all
tasks.  On occasion, incumbents may perform other related tasks.

Working Conditions and Physical Demands:

Works in normal office environment with minimal traveling required.

Qualifications:

1.	Requires at least 10 years information security leadership
experience, with a significant portion of that time establishing and leading
comprehensive security programs in a large financial organization.
2.	Prefer at least 7-10 years of financial experience.
3.	CISSP and/or CISA certification required.
4.	A degree in computer science or related field.
5.	Extensive knowledge of Sarbanes-Oxley, GLBA and ISO17799.
6.	Thorough knowledge and understanding of current information security
and disaster recovery planning techniques and technologies.
7.	Demonstrated ability to work with management and staff at various
levels of the organization to implement sound security practices.
8.	Extensive knowledge of networks, system, database and applications
security.
9.	Knowledge of secure software development.
10.	Computer/network investigation skills and forensics knowledge.
11.	Strong Project Management skills.
12.	Strong analytical and risk assessment.
13.	Strong written and oral communication skills.





