Westfield
Information Security Senior Engineer
Westfield, Ashley, Ohio, United States, 43003
Job Description
The Information Security Senior Engineer, working under moderate supervision, is responsible for designing, implementing, and maintaining the organization's information security infrastructure. The role requires the identification and mitigation of security risks, the development and enforcement of security policies, and ensuring compliance with industry regulations. The role collaborates with cross-functional teams, assesses the security posture, conducts risk assessments, and implements effective security controls. Additionally, the role requires monitoring security events, investigating incidents, and providing recommendations for remediation. The role is crucial in safeguarding the confidentiality, integrity, and availability of sensitive information, contributing to the maintenance of a strong and resilient security posture within the insurance company.
Responsibilities
Leads the design, implementation, and management of comprehensive information security programs and initiatives in the insurance company, ensuring the confidentiality, integrity, and availability of information assets.Conducts advanced security assessments, threat modeling, and risk analysis of the company's IT infrastructure, systems, and applications, providing insights and recommendations for mitigating risks and strengthening security controls.Oversees the development, implementation, and maintenance of robust security controls, including firewalls, intrusion detection/prevention systems, data loss prevention systems, and encryption technologies, to protect the company's networks, servers, and endpoints.Collaborates with cross-functional teams to define and enforce information security policies, standards, and procedures, ensuring compliance with relevant regulations, industry frameworks, and best practices.Drives security awareness and training programs for employees, educating them on security threats, best practices, and incident response procedures, to foster a security-conscious culture within the organization.Leads incident response activities, including security incident investigation, containment, and remediation, collaborating with internal teams and external stakeholders to minimize the impact of security incidents and prevent recurrence.Conducts in-depth security assessments and audits of third-party vendors and service providers, evaluating their security controls, privacy practices, and contractual compliance, to mitigate risks associated with external partnerships.Evaluates and recommends new security technologies, tools, and solutions, keeping abreast of emerging threats and industry trends, and works with relevant stakeholders to implement and integrate these solutions effectively.Provides technical guidance and mentorship to junior security engineers, sharing expertise in areas such as secure architecture design, secure coding practices, and vulnerability management.Engages with industry forums, security communities, and regulatory bodies to stay informed about emerging security threats and regulations, representing the insurance company's interests and contributing to industry-wide security initiatives.Qualifications
Minimum 3-5 years of relevant experience in Information Security or Information TechnologyBachelor's degree in Information Security, Computer Science, Information Technology or a related field and/or commensurate experience.
The Information Security Senior Engineer, working under moderate supervision, is responsible for designing, implementing, and maintaining the organization's information security infrastructure. The role requires the identification and mitigation of security risks, the development and enforcement of security policies, and ensuring compliance with industry regulations. The role collaborates with cross-functional teams, assesses the security posture, conducts risk assessments, and implements effective security controls. Additionally, the role requires monitoring security events, investigating incidents, and providing recommendations for remediation. The role is crucial in safeguarding the confidentiality, integrity, and availability of sensitive information, contributing to the maintenance of a strong and resilient security posture within the insurance company.
Responsibilities
Leads the design, implementation, and management of comprehensive information security programs and initiatives in the insurance company, ensuring the confidentiality, integrity, and availability of information assets.Conducts advanced security assessments, threat modeling, and risk analysis of the company's IT infrastructure, systems, and applications, providing insights and recommendations for mitigating risks and strengthening security controls.Oversees the development, implementation, and maintenance of robust security controls, including firewalls, intrusion detection/prevention systems, data loss prevention systems, and encryption technologies, to protect the company's networks, servers, and endpoints.Collaborates with cross-functional teams to define and enforce information security policies, standards, and procedures, ensuring compliance with relevant regulations, industry frameworks, and best practices.Drives security awareness and training programs for employees, educating them on security threats, best practices, and incident response procedures, to foster a security-conscious culture within the organization.Leads incident response activities, including security incident investigation, containment, and remediation, collaborating with internal teams and external stakeholders to minimize the impact of security incidents and prevent recurrence.Conducts in-depth security assessments and audits of third-party vendors and service providers, evaluating their security controls, privacy practices, and contractual compliance, to mitigate risks associated with external partnerships.Evaluates and recommends new security technologies, tools, and solutions, keeping abreast of emerging threats and industry trends, and works with relevant stakeholders to implement and integrate these solutions effectively.Provides technical guidance and mentorship to junior security engineers, sharing expertise in areas such as secure architecture design, secure coding practices, and vulnerability management.Engages with industry forums, security communities, and regulatory bodies to stay informed about emerging security threats and regulations, representing the insurance company's interests and contributing to industry-wide security initiatives.Qualifications
Minimum 3-5 years of relevant experience in Information Security or Information TechnologyBachelor's degree in Information Security, Computer Science, Information Technology or a related field and/or commensurate experience.