Threat and Vulnerablity Officer
Lead and manage the identification, prioritization and eradication of threats and vulnerabilities in computer systems and networks throughout the corporate environment. Manage vendors and tools used to identify and track vulnerabilities and their remediation across all corporate systems.
- Manage staff. Interview, hire, set high performance standards, and manage team performance in accordance with all applicable HR policies and procedures. Create a flexible and energized work environment, fostering an atmosphere that enables employee trust and engagement. Inspire confidence and motivate others to perform at their best. Develop and coach staff while effectively addressing performance issues.
- Manage the vendor security assessment and testing process. Test systems and/or oversee testing of vendor systems and applications, assess vulnerabilities and discuss findings with leadership to determine if systems are within acceptable technology risk levels. Work with vendors as needed to improve their security.
- Design and implement processes and procedures, e.g. perform monthly scans using scanners such as Nmap, Nessus Qualys, etc., to identify and track vulnerabilities and fixes.
- Direct, perform and manage penetration tests and testing on an as needed basis.
- Lead the monitoring of web traffic for patterns of malicious activity (Tipping Point, Websense, and others).
- Lead the monitoring of the main Anti-virus console for infected machines and investigate them.
- Configure, administer and monitor the SIEM solution such as Logrhythm, Splunk, Alien Vault, etc.
- Manage the evaluation of vendors, products and technologies in order to improve the banks security posture.
- Manage the identification, tracking and monitoring of vulnerability and emerging threat issues and resolve with appropriate information technology groups. Issues could involve security risks to clients, technology, and operations.
- Direct and expand the vulnerability management program. Continually enhance and improve program parameters. Update as needed based on attack and countermeasure experiences and developments worldwide.
- Integrate threat modeling practices into the vulnerability management standards, policies, procedures and protocols.
- Develop close working relationships with internal departments and external vendors and partners to communicate technical issues and vulnerability findings. Translate complex security issues into layman’s language, providing support and assistance as needed to ensure understanding and action by the appropriate parties.
- Maintain current on information security field and geo-political developments including vulnerabilities, attacks, and countermeasures that have the potential of affecting the organization’s businesses and employees. Research and keep abreast of information security issues and incidents occurring nationally and internationally while defining and advancing threat and risk concerns.
- Prepare and deliver briefs and reports on security threats, vulnerabilities, and developments and make recommendations for changes or improvements in security direction and approach.
- Maintain a network of internal and external contacts to keep abreast of vulnerability issues and organizational responses.
- Manage and perform user access reviews for regulatory reasons (for example PCI and GLBA).
- Direct and/or perform vendor security reviews as needed.
- Perform other related duties as assigned.
- An undergraduate degree in information systems or a related field or an equivalent combination of training and experience.
- A minimum of 5 – 8 years related hands on experience in security assurance, penetration testing or vulnerability management
- Previous leadership and/or supervisory experience
- Previous experience with application security source code reviews, commercial and open-source network and application testing tools
- Certifications in one or more of the following: CISSP, GIAC, CEH, ECSA
- Strong working knowledge in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
- Advanced knowledge of operating system and database security (Windows, Unix, Linux, SQL and Oracle, etc.)
- Ability to transform technical concepts into usable documented material for non-technical users
- Excellent verbal, written, and interpersonal communication skills
- A team player able to work effectively in a team fostered, multi-tasking environment
- Proficient in Microsoft Office suite, e.g. Excel, PowerPoint, Word, Outlook
- Excellent problem resolution skills
"The Bancorp is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability."
The Bancorp is an Equal Opportunity Employer