Information Systems Security Officer
New Hampshire Retirement System | Concord, NH
SCOPE OF WORK:
The Information Systems Security Officer is responsible for researching, developing, implementing, testing and reviewing NHRS’ information security in order to protect information and prevent unauthorized access. This position also supports security initiatives and NHRS policy adherence and awareness efforts, and provides security expertise to business units and key stakeholders.
- Using the Risk Management Framework of record, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps.
- Identify, assess, and prioritize identified risks, collect evidence, artifacts, and document findings to support conclusions, report on compliance with internal policies, controls, and standards, and provide recommendations for remediation of identified deficiencies.
- Manage remediation efforts and report on the status of control deficiencies; this will include working with external partners.
- Ensure compliance with guidance and standards such as NIST publications, NHRS policies and procedures, and other industry best practices.
- Coordinate third-party risk assessments and IT audits.
- Manage security awareness training using NHRS-approved software, and coordinate with third parties for onsite training and with HR for tracking. Training includes quarterly office testing.
- Enforce policy adherence and manage formal policy exception requests.
- Provide timely status updates/reporting on assessments and assigned projects.
- Provide backup and assistance to others on the team, which includes roles in network and server administration, and help desk duties.
- Other appropriate and related duties as assigned by supervisor.
Education: Bachelor’s degree in Computer Science or a related engineering field with training in information security. Master’s Degree in Computer Science or Business preferred.
Experience: 10+ years’ experience in Information Security. 5+ years’ experience building and managing Windows server platforms. Experience using security scanners or similar tools and remediating the vulnerabilities they identify. Experience creating and maintaining minimum security configuration baselines for Windows platforms and applications (e.g., benchmarks such as DISA STIGs and US-CERT guidance). Experience reviewing system logs for potential intrusions and policy violations; working with SIEMs is a plus.
License/Certification: Valid driver’s license preferred.
- This position requires sitting (80%), standing (5%), and walking (15%).
- Requires lifting materials of approximately 20-25 lbs.
- Often requires computer responsibility, which involves extensive use of keyboard, mouse and monitor.
- Dayshift hours primarily, although overtime may be required to meet project deadlines.
- Physically able to participate in training sessions, presentations, and meetings.
- Work-related assignments on weekends are possible.