IT Security Administrator III

The Information Security Administrator III has overall responsibility for the administration of the Information Security program for Giesecke+Devrient America, Inc (G+D). This includes the ongoing administration of G+D's security certifications for ISO 27001, PCI, and internal information security compliance. Serve as the subject matter expert in data security and act as a consultant in assisting other departments with IT Security process and documentation. Investigate findings to determine root causes and recommend necessary preventative actions to mitigate reoccurrence of the associated risks. Must have ability to provide 24x7 for possible Security or IT related emergencies and/or escalations.

• Administer and preserve G+D Security Certifications through the administration and ongoing enhancement of the Information Security Management System with a primary focus on ISO 27001, Cryptographic Key Management and PCI Logical Security requirements. Ensure Information Security controls are relevant, properly documented and maintained for ongoing recertification and governance activities. Part of the role is to maintain a system that fosters appropriate, demonstrable, auditable and coordinated security procedures, and practices that are compliant with related laws, regulations, policies and professional standards.
• Provide daily supervision of IT Security staff and tasks.
• Responsible for effective and comprehensive administration of the cryptographic key management program, which includes the generation, exchange, storage, use, replacement and documentation of cryptographic keys. Possess a full understanding of key management servers, symmetric and asymmetric keys, and public key infrastructure (PKI).
• Ensure compliance with all applicable internal and external Information Security requirements through coordination of internal and external Logical Security audits.
• Maintains a system that fosters appropriate information security training and awareness. Responsible for developing and maintaining a system that encourages the routine use of risk assessments and risk management planning related to the information security features of systems, tools and networks.
• Responsible for assessing, reporting and assisting in the remediation of IT security vulnerabilities for IT systems and applications that are part of G+D operations.
• Responsible for designing, documenting, training and testing of the corporate IT Security Incident Response Plan.
• Responsible for maintaining status information regarding the configuration files for information security appliances, software and equipment (monthly firewall rule target/configuration comparison etc.)
• Independently contribute ideas and process improvements and look for creative solutions and better ways of doing things, in order to meet goals of continuous improvement
• Identify, analyze, and address problems in order to resolve issues whenever possible in a way that minimizes the negative impact on the organization
• Work with the ISF (information security forum) materials and tools including participation in local ISF chapter meetings
• Analyze issues not only from a local point of view but should also consider the global scope of G+D operations
• Performs other duties as assigned
• Complies with all policies and standards

Education and Experience

• Associate degree in Computer Science or Information Systems
• 5 years IT/Information Security experience, preferably in a financial service or similar industry
• CISSP and/or CISA certification required
• Audit and Compliance experience (PCI, ISO)

Knowledge Skills and Abilities

• Solid knowledge and understanding of IT Security Standards (ISO 27001) and IT Process Standards (ITIL, COBIT)
• Strong computer skills (MS Office, Visio, TCP/IP, Nmap)
• Solid understanding of the key technical and organizational concepts of Information Security-related Systems (firewalls, intrusion detection, virtualization technologies, encryption, VPN, etc.).
• Ability to develop and defend technical recommendations and budgetary plans and communicate them in non-technical "business language"
• Ability to communicate information security issues clearly and appropriately to audiences with diverse technical backgrounds, without creating unnecessary urgency

• Work performed in a light industrial setting
• Exposure to some shop noise
• Significant amount of walking between offices and throughout facility
• Some lifting required
• Travel up to 15% may also be required.

The pay range for this position is $114,520-$130,760 and is eligible for an annual bonus. Benefits offered to eligible employees include, medical (PPO and HDHP with HSA), dental, vision, paid time off, paid holidays, 401K w/ employer match, short/long term disability, life insurance, healthcare and dependent care flexible spending, EAP, commuter benefits, education assistance, pet insurance, legal, and more.

$$ Giesecke+Devrient ePayments America, Inc. endeavors to make to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Human Resources at View phone number on click.appcast.io or View email address on click.appcast.io.

Giesecke+Devrient ePayments America, Inc. is an Equal Opportunity Employer - M/F/Veteran/Disability/Sexual Orientation/Gender Identity

$$ $$ $$ $$ $$