Information Security Officer

Top Information Security Officer Skills

Below we've compiled a list of the most important skills for an Information Security Officer. We ranked the top skills based on the percentage of Information Security Officer resumes they appeared on. For example, 11.2% of Information Security Officer resumes contained Ensure Compliance as a skill. Let's find out what skills an Information Security Officer actually needs in order to be successful in the workplace.

The six most common skills found on Information Security Officer resumes in 2020. Read below to see the full list.

1. Ensure Compliance

high Demand
Here's how Ensure Compliance is used in Information Security Officer jobs:
  • Analyzed current resources and recommended strategies to overcome threats and ensure compliance to state/federal regulations in conjunction with the Technology Team.
  • Conferred with other administrators to ensure compliance with regulatory and corporate policies, procedures and practices of records management program.
  • Provided information security and policy training to employees as periodic training or corrective action to ensure compliance.
  • Complete contract/acquisition security reviews to ensure compliance with VA/Federal statutory and regulatory requirements.
  • Coordinate information security regulatory activities and works with vendors to ensure compliance.
  • Direct interface with government bodies to ensure compliance with security regulations.
  • Communicate & ensure compliance with organizational security policies & standards.
  • Develop specifications to ensure compliance with security requirements.
  • Perform compliance reviews of management testing of internal controls to ensure compliance with the required FISMA test plans and documentation requirements.
  • Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc.
  • Orchestrate infrastructure and product line overhauls to ensure compliance with Patriot Act, AML/CFT, OFAC, and other compliance requirements.
  • Evaluate the Credit Union's policies, procedures, products and programs to ensure compliance with applicable laws and regulations.
  • Conduct various systems and network security reviews to ensure compliance with company policies and industry practices.
  • Interact with NEC and Mission organizations to ensure compliance with information assurance policies and security compliance.
  • Implemented a team of functional ISO's whose charter was to ensure compliance with policies.
  • Selected Achievements: * Rewrote the Regents Information Security Policy to ensure compliance with GLBA.
  • Conducted Site visits to units to ensure compliance in all Certification and Accreditation areas.
  • Work hand and hand with support functions such as IT and Facilities to ensure compliance.
  • Developed sprints for all key provisions to ensure compliance by mandated timeline.
  • Provided Information Security advice to the business managers and staff. Ensure compliance with ETM guidelines.

2. Risk Assessments

high Demand
Here's how Risk Assessments is used in Information Security Officer jobs:
  • Spearheaded the implementation of information-security initiatives such as Risk Assessments, Vulnerability, Penetration Testing, and Awareness programs.
  • Perform technical and functional risk assessments and audits on clinical systems to ensure compliance and appropriate configurations are implemented.
  • Conducted security audits, reviewed and provided risk assessments, and assisted in developing technical security project plans.
  • Manage audits, vulnerability & risk assessments including internal & external assessments, vulnerability scans & related activities.
  • Conduct risk assessments according to SDLC and coordinate continuous process improvement of Information Security.
  • Perform comprehensive security risk assessments and report and discuss findings and remediation.
  • Lead information security risk assessments and controls selection activities.
  • Coordinate third-party risk assessments for data sharing relationships.
  • Perform security and risk assessments of corporate acquisitions.
  • Protected vulnerable networks following detailed risk assessments.
  • Performed risk assessments and execute tests of data processing system to make sure functioning of data processing activities security measures.
  • Lead access control projects for re-certifications of user access, audits, risk assessments, and log reviews.
  • Manage and conduct periodic risk assessments, application scans, and vulnerability scanning activities.
  • Focused on compliance, providing organizational and top client risk assessments annually.
  • Perform Risk Assessments on new product/systems before, during and after implementation.
  • Perform risk assessments on applications, vendors, processes and projects.
  • Used NIST Toolkit for the security risk assessments.
  • Performed risk assessments, met with auditors and examiners on a regular basis to verify procedures being followed.
  • Provided security risk assessments of 3rd party application (products) in digital signatures and e-commerce processes.
  • Performed risk assessments of data center installations, applications, and 3rd party products and connectivity requests.

3. Information Security Policies

high Demand
Here's how Information Security Policies is used in Information Security Officer jobs:
  • Establish information security policies, standards and processes that align with organizational and regulatory compliance requirements.
  • Developed and implemented line of business and corporate wide information security policies and procedures.
  • Perform periodic risk assessments and adjust information security policies and procedures to minimize risk.
  • Lead development/adoption and enforcement of Information Security policies, procedures, and standards.
  • Managed the development & implementation of Information Security policies & procedures.
  • Identified information security policies, gaps and vulnerability/risk assessment strategy.
  • Developed and maintained all information security policies and procedures.
  • Reviewed proposed company-wide information security policies for IT management.
  • Create, organize and develop corporate information security policies.
  • Created and maintained Information Security policies and procedures.
  • Review and update information security policies and standards to meet the changing needs of the business, security and compliance landscapes.
  • Developed, maintained, and enforced information security policies, procedures, and standards within all operational areas of the Bank.
  • Identified non compliant items to information security policies and drafted risk acceptances if no corrective action plan was in place.
  • Developed and implemented comprehensive Information Security policies for the Asset Management Group, a Global division of AIG.
  • Manage the development, implementation, and maintenance of all information security policies, standards, and guidelines.
  • Recommend and played a vital role in implementing changes to information security policies, standards, guidelines.
  • Manage the implementation of Information Security Policies into the day to day business of the Corporation.
  • Develop and maintain information security policies, procedures, standards, and guidelines.
  • Develop, review, and enforce information security policies and procedures.
  • Key Contributions: Ensure business complied with established Information Security Policies and Standards.

4. Information Security Program

high Demand
Here's how Information Security Program is used in Information Security Officer jobs:
  • Identify key security program elements and determine which departments or offices must be involved in building a comprehensive information security program.
  • Established effective communication channels and implemented controls to ensure alignment of the information security program with organizational objectives.
  • Established and trained Information Security Liaisons in each county to expand the information security program.
  • Update and develop Information Security Program to adhere to State and Federal Regulatory requirements.
  • Secured commitment for appropriate talent/resource levels and investments for the information security program.
  • Established divisional Information Security Program for four domestic locations and seven international sites.
  • Redesigned existing Information Security Program to operate as a service to the business.
  • Established the entire information security program with all relevant policies and procedures.
  • Developed a written information security program for the company.
  • Entrusted to turnaround people, processes, and technology solutions to meet enterprise wide information security program standards.
  • Reported directly to the Chief Risk Officer to provide independent oversight of the information security program.
  • Conduct annual audit of customer information security programs and provide report to the Board of Directors.
  • Developed the Information Security program used by the department and 55 county offices.
  • Analyzed metrics and predicted trends for various Information Security programs and projects.
  • Experienced in IPS/IDS, DLP, Forensics and Information Security Program awareness.
  • Developed the Information Security Program from the ground up.
  • Build an Information Security Program utilizing ISO 27002.
  • Maintain the Information Security Program and related policies.
  • Administer and enforce the Information Security Program.
  • Assisted in the development of the Deutsche Bank Global Information Security program.

5. Recovery Procedures

high Demand
Here's how Recovery Procedures is used in Information Security Officer jobs:
  • Developed systems security contingency plans and disaster recovery procedures.

6. Infrastructure

high Demand
Here's how Infrastructure is used in Information Security Officer jobs:
  • Provided security services covering infrastructure security management, developed security organizational structure, budgeting, security policy development and security reporting.
  • Directed the infrastructure and organizational separation, including applications planned for use in both environments.
  • Develop baseline configuration requirements for all Global firms for Windows Servers and Network Infrastructure devices.
  • Designed a new computing infrastructure solution protecting network and data from exposure or unauthorized access.
  • Performed application (.NET environment) and infrastructure security assessments.
  • Designed and maintained production hardware and software infrastructure.
  • Supported network systems, including infrastructure redesign.
  • Led comprehensive security infrastructure upgrades.
  • Monitored and supported the company network while resolving issues on policy infrastructure, spoofed IP addresses, and reported virus alerts.
  • Directed and managed all regional risk reviews of new applications, services, and infrastructure being introduced into US Bank environment.
  • Trusted with all secure keys, critical infrastructure, user names and passwords for 100% of RCOM's network.
  • Managed, implemented, and supported campus wide policies, processes, and procedures for IT Infrastructure.
  • Conduct formal risk assessments on new and legacy infrastructure, applications, and business process.
  • Perform application vulnerability reports with developers and infrastructure groups to provide recommended plans to resolve.
  • Consolidated the IT infrastructure communications room.
  • Conduct security assessments for acquisitions due diligence, vendors, remote Assurant offices, new and existing applications, and infrastructure.
  • Advanced to senior systems and network analyst role to provide IT leadership for highly sensitive technology infrastructure.
  • Designed, deployed and maintained virtual infrastructure for the company's production environment using VMWare technology.
  • Restructured and organized Advomas's physical and virtualized infrastructure.
  • Schedule reviews of virus scanners, spyware & patch management environments to ensure Certegy's global infrastructure is protected.

7. ISO

high Demand
Here's how ISO is used in Information Security Officer jobs:
  • Managed preparation of artifacts for information security audits and served as a liaison to Internal Audit.
  • Author and Execute Security Architecture and Plan in compliance with NIST, ISO 2700, and DoD IT Security Policies.
  • Act as liaison for audit and other regulatory requests and assist in the resolution of security-related control issues.
  • Functioned as a liaison and coordinated support within the CITM -Tech organization for all Audit Regulatory Reviews.
  • Maintain a dotted line reporting relationship to the DHS Chief Information Security Officer (CISO).
  • Serve as the liaison between the Information Technology Department and the Internal and External Auditors.
  • Recommend solutions and best practices for Information Security Governance and practical approaches to ISO framework.
  • Prepared a comprehensive global information security policy structured to be in compliance with ISO 27001.
  • Manage Risk Assessment Process, perform security control gap analysis using ISO 27000 standards.
  • Serve as a company liaison to provide remediation options to deficient third-party assessments.
  • Achieved ISO27001 certification for the ANOVO England business unit in 2 months.
  • Achieved ISO27001 Certification for the entire 3M data centers.
  • Chaired Security Operations working group, including client CISO.
  • Developed FISMA, ISO and NIST crosswalks and mapping.
  • Represent TSA in the DHS Chief Information Security Council (CISO) Council, chaired by the DHS CISO.
  • Performed ISO 27001 gap analysis and developed mappings between HIPAA and ISO 27001 to determine effort required to implement ISO 27001.
  • Architected networks into a reliable, flexible, and secure configuration capable of isolating security events.
  • Provided Client and Helpdesk support for end users in both stateside garrison environments as well as foreign deployed theaters of war.
  • Maintained readiness for client audits as well as annual ISO 27001 recertification audit.
  • Help Desk Supervisor Manage the IT Support team for Citibank, P.R.

8. Risk Management

high Demand
Here's how Risk Management is used in Information Security Officer jobs:
  • Created and implemented complete security program, including corporate security policy handbook, audit and risk management processes.
  • Create and ensure information security and risk management processes are disseminated to the organization.
  • Worked with risk management team to design and implement global security architecture.
  • Worked closely with risk management team to create worldwide security architecture.
  • Designed and deployed a Corporate Information Security Risk Management program.
  • Created Risk Management framework (based on the CMS standard) and started identifying corporate risks in multiple environments.
  • Collaborated with various USCG departments to ensure that Supply Chain Risk Management was integrated into the acquisitions process.
  • Provided oversight for all security related issues, which included risk management, security, and technology audits.
  • Directed and led all aspects of global information risk management and compliance for this major financial services firm.
  • RISK MANAGEMENT: Certification and Accreditation (C&A) methodology and document templates were developed.
  • Define and execute strategies for risk management, compliance, and all supporting security initiatives.
  • Risk Management no longer appears on any of the IS metrics.
  • Acted as the Information Security Officer for the Risk Management organization.
  • Designed and implemented a risk management framework for Deem.
  • Audit, Risk Management, and Compliance programs.
  • Established and operated an enterprise-wide information security and risk management program as part of Ameriprise Financial's divestiture from American Express.
  • Accomplished the design and deployment of the first IT Risk Management program within the Commonwealth.
  • Worked directly with various technology sectors to facilitate IT risk assessment and risk management processes.
  • Aligned the IT risk management program with the Enterprise Risk Management.
  • Discover client network vulnerabilities. Write risk management protocols. Establish and maintain client VoIP functionality. Maintain passwords for internal and external clients.

9. Vulnerability Assessments

high Demand
Here's how Vulnerability Assessments is used in Information Security Officer jobs:
  • Supported performance of vulnerability Assessments, policy management, and development of key service offerings centered on various Security IT technologies.
  • Enforced Database security through access control, STIG compliance, vulnerability assessments, and vulnerability remediation.
  • Managed and directed vulnerability assessments and provided threat vulnerability reports to client for 30 sites.
  • Facilitate end-to-end Application and infrastructure vulnerability assessments of all applications in the investment banking area.
  • Led vulnerability assessments against emerging technologies in a fast paced, high visibility environment.
  • Coordinate network penetration testing, vulnerability assessments, risk analysis & compliance testing.
  • Conducted security and vulnerability assessments of Duke Medicine core infrastructure and information systems.
  • Directed vulnerability assessments as well as penetration tests and any required remediation.
  • Oversee vulnerability assessments and penetration tests and manage remediation efforts.
  • Perform vulnerability assessments and penetration tests of the infrastructure.
  • Develop and manage IT security initiatives and vulnerability assessments.
  • Planned and executed comprehensive vulnerability assessments and penetration testing.
  • Evaluated new security technology and conducted vulnerability assessments.
  • Perform Network Vulnerability Assessments and Application Vulnerability Assessments.
  • Managed campus-wide vulnerability assessments and external penetration testing.
  • Conducted 17 Web application vulnerability assessments.
  • Complete security reviews of networks and IT infrastructures; conduct and evaluate vulnerability assessments, penetration tests, and risk assessments.
  • Scheduled and conducted multiple External and Internal PEN test and Vulnerability Assessments.
  • Performed ongoing vulnerability assessments of all healthcare systems and worked closely with the infrastructure and application departments to develop remediation strategies
  • Implemented vulnerability assessments (Qualys) and Intrusion Detection (Snort). Completed the Implementation of VPN appliances for remote connectivity.

10. HIPAA

high Demand
Here's how HIPAA is used in Information Security Officer jobs:
  • Performed ongoing information risk assessments and audits to ensure that information systems were adequately protected and met HIPAA certification requirements.
  • Appointed Information Security Officer to manage HIPAA Security regulations.
  • Complied University-wide with federal HIPAA security and privacy regulations.
  • Protected sensitive PHI (HIPAA-regulated) and bank account (GLBA-regulated, and, initially, PCI) data.
  • Trained all staff on proper HIPAA compliance as the HIPAA Compliance Officer and conducted in person training and certification.
  • Established and administered the company's IT security policies and procedures in accordance to HIPAA and HITECH regulations.
  • Reviewed and approved all HIPAA, PHI, PCI, and other confidential data handling practices.
  • Organized HIPAA transaction, privacy, and security committees and created/managed HIPAA security plan and documentation.
  • Chaired the corporate HIPAA Security Task Force and regional HIPAA Community Task Force for Arizona.
  • Implemented, managed, and enforced information security directives as mandated by HIPAA.
  • Managed the development of current compliance policies in accordance with HIPAA regulations.
  • Managed the drafting and enforcing of HIPAA security policies and procedures.
  • Achieved HIPAA Privacy/Security Rule Compliance within seven months.
  • Drafted corresponding policies and procedures for HIPAA compliance.
  • Obtained HIPAA/HITECH, SOC2 and Joint Commission certification.
  • Established an Information Security Steering Committee. Spearheaded HIPAA Compliance initiative.
  • Develop and present annual education awareness program for all users of the network focusing on HIPAA regulation and Alegent policies.
  • Prepared a gap analysis and remediation plan to implement IT process following NIST 800-66 HIPAA security rules for IT.
  • Participate in agency Policy Review Committee, HIPAA Policy Working Group and LEAN Steering Committee.
  • Selected Accomplishments: * Developed roadmap that ensured organizational compliance with the HIPAA Security Rule.

11. Business Continuity Plan

high Demand
Here's how Business Continuity Plan is used in Information Security Officer jobs:
  • Developed requirements and guidelines for a Business Continuity Plan and assist business units in developing their plan.
  • Assisted in developing business continuity plans, backup procedures and disaster recovery plans.
  • Direct development and execution of an enterprise-wide disaster recovery and business continuity plan.
  • Developed the organizations Business Continuity Plan including driving annual table top exercise.
  • Expanded nascent DR program into a fully-realized Business Continuity Plan.
  • Participate in disaster recovery services testing and Business Continuity Planning.
  • Reviewed and tested Disaster Recovery Plan and Business Continuity Plan.
  • Assisted with Business Continuity planning, testing and documentation.
  • Directed efforts in business continuity planning, auditing, and risk management, as well as contract and vendor negotiations.
  • Led the creation, testing and maintenance of an executable business continuity planning for all US and overseas locations.
  • Developed Business Continuity Plans to sustain the current infrastructure in the event of a catastrophic outage in system fault.
  • Directed program Risk Assessments and System Security Plans as well as the Disaster Recovery and Business Continuity Plans.
  • Lead the corporate Business Continuity Planning (BCP) and Disaster Recovery (DR) program.
  • Develop, implement and train the bank's disaster recovery and business continuity plans.
  • Created and upgraded business continuity plan and conducted table top exercises for plan testing.
  • Review, maintain and enhance business continuity plans, to ensure compliance.
  • Developed business continuity plan and led the testing of the plan.
  • Establish a Business Continuity Plan for engagements and support functions.
  • Developed contract specific systems security plans, risk assessments, and business continuity plans.
  • Experienced with Business Continuity Planning / Disaster Recovery & Offsite Secure Storage.

12. Incident Response

high Demand
Here's how Incident Response is used in Information Security Officer jobs:
  • Established and Managed the Security Incident Response Team and forensics investigation of Visa and MasterCard related information security breaches.
  • Managed Incident Response, ensured electronic evidence integrity, handled media inquiries, and coordinated with law enforcement.
  • Developed Incident Response Management and Reporting system, bringing transparency and accountability to campus computing units.
  • Managed the corporate incident response program for internal and external information security breach events.
  • Develop Incident response Plan and architectural designs for implementation for Data Loss Prevention.
  • Supported and coordinate incident response activities involving the facility.
  • Formulate and implement an incident response strategy.
  • Created, implemented, and enforced University-wide Information Security, Privacy, PII, Incident Response and PDA security policies.
  • Created company policies and procedures governing corporate security, email and Internet usage, access control, and incident response.
  • Worked with outside counsel to draft an IRP (Incident Response Plan), and subsequent table top exercise.
  • Led an incident response team to contain, investigate, and prevent future computer security breaches.
  • Served as the enterprise focal point for computer security incident response planning, execution and awareness.
  • Developed a computer security incident response team (CSIRT) manual, processes, and training.
  • Performed incident response related to alerts and trained staff to handle the alerts.
  • Managed Incident Response of data security breach by bank officer (SB1386).
  • Developed and implemented a corporate wide Incident Response Plan and Procedure.
  • Created Incident Response standards and program utilizing the VERIS framework.
  • Provided Computer Incident Response Training and certification for 10 3M IT professionals Deployed formal architecture upgrade and process re-engineering for:.
  • Work with technology resources to administer Fiserv's Information Security Program, Threat Assessments, Incident Responses and Remediation Activities.
  • Developed and trained work teams in incident response and BCP/DR using Sungard LDRPS.

13. Deliver Information Technology

high Demand

14. Security Awareness

high Demand
Here's how Security Awareness is used in Information Security Officer jobs:
  • Oversee all IT security functions including security awareness, risk management, vendor security, and disaster recovery planning.
  • Provide line of business specific security awareness and training as deemed necessary or as requested.
  • Implemented security awareness seminar program, made presentations to Agency Divisions and external partners.
  • Coordinated Information Security Awareness activities within GECD, including compliance with training requirements.
  • Led information security awareness and training initiatives to educate workforce about information risks.
  • Developed and conducted training seminars for Intellectual Property and Information Security awareness.
  • Designed and delivered security awareness training initiatives to senior management and staff.
  • Conducted security awareness training seminars, initiated Divisional InfoSec programs for compliance.
  • Promote security awareness and communicate ways to ensure security compliance.
  • Promote and implement security awareness programs within the business groups.
  • Established a comprehensive Information Security Awareness program for DFA/FATCA compliance.
  • Developed and managed the information security awareness and training program.
  • Created and gave security awareness training for the organization.
  • Developed the Corporate Security Awareness Program.
  • Established a security awareness program.
  • Provide annual information security awareness education to all staff in the Americas and also to new hires.
  • Work with legal, privacy, and HR teams on security awareness and training.
  • Establish Security Awareness, Executive briefs, Brown Bag lunch programs, FBI InfraGard.
  • Invited presenter on Social Media at the Ohio State University Security Awareness Day.
  • Perform annual Security Awareness Training to all Bank of China employees in the USA

15. Data Privacy

average Demand
Here's how Data Privacy is used in Information Security Officer jobs:
  • Served as the company CISO and Privacy Officer supporting information security initiatives as the security and data privacy subject matter expert.
  • Participated in GLBA data privacy, Swiss Banking regulations, California Privacy Act, and SOX initiatives.
  • Mitigate business risks through the development of data privacy, information security, and corporate compliance programs.
  • Drafted, led, and implemented global data privacy and security policies and procedures.
  • Perform Information Security activities ensuring clients and business data are secured and in compliance with data privacy laws and regulatory requirements.

16. Architecture

average Demand
Here's how Architecture is used in Information Security Officer jobs:
  • Recommend Best Practices in IT Security policies, procedures, operational improvements and architecture leading to recommendations in Technology Optimization Program.
  • Worked closely with business and technology counterparts to understand the enterprise objectives and initiatives and their impact on the Security Architecture.
  • Modified corporate security architecture in real-time response to changing corporate needs, including the astronomical growth of Internet usage.
  • Developed and maintained the firm's enterprise security architecture strategy and ensured alignment with the enterprise objectives and initiatives.
  • Key stakeholder and participant responsible for developing the security architecture used to provide security services across the enterprise.
  • Designed and developed a new Enterprise Security Architecture and Business Continuity Program for this company from scratch.
  • Established centrally managed web based architecture enabling control and visibility into asset inventory, billing and services.
  • Led security architecture and engineering efforts within the SDLC ensuring control application and operational compliance.
  • Performed Security Architecture reviews of both internally developed applications and vendor supplied applications.
  • Provide security architecture and compliance guidance to project teams on new technology initiatives.
  • Developed and implemented security architecture for the corporate message switch environment.
  • Developed IT Security Strategic plans and Security Enterprise Architecture.
  • Developed and implemented a LAN to mainframe security architecture.
  • Performed Client Assistance yearly audits such as, logical, application, terminated user, and Network Diagram/Physical Architecture Diagram etc.
  • Managed seven teams of network engineers in the development and integration of the design and architecture of a secure network.
  • Produced >$5M in annual savings by designing and implementing first tactical security architecture and 3-year information security plan.
  • Based upon the Microsoft stack in a cloud-based system architecture.
  • Provided leadership for the disaster recovery, security architecture software and desktop, including virtual architecture.
  • Perform IT project management, architecture and strategic planning; work cohesively and effectively with other branches within ITC.
  • Developed IT strategic plan and architecture roadmap.

17. Administer Contracts

average Demand
Here's how Administer Contracts is used in Information Security Officer jobs:
  • Support, manage and administer contracts.

18. PCI-DSS

average Demand
Here's how PCI-DSS is used in Information Security Officer jobs:
  • Developed organization-wide PCI-DSS policy to ensure compliance with requirements.
  • Worked with independent QSA and Fandango teams to ensure annual PCI-DSS compliance for all of Fandango's businesses.
  • Manage and participate in PCI-DSS, internal and vendor IT audits of varying scope.
  • Led project for obtaining PCI-DSS compliance for five enterprise systems.
  • Led vulnerability scanning and penetration testing for PCI-DSS compliance.
  • Lead 5 regional PCI-DSS certifications annually.
  • Established the firm's PCI-DSS and US state compliance (such as MA 201) programs.
  • Drive enterprise compliance with HIPAA, SOX and PCI-DSS.
  • Managed incorporation of PCI-DSS solution, supervising development teams working in multiple locations.
  • Established a comprehensive Information Security Program with strategic and tactical objectives to achieve sustainable HIPAA, PCI-DSS and FISMA compliance.

19. SOX

average Demand
Here's how SOX is used in Information Security Officer jobs:
  • Authored Information Security policy in compliance to SOX requirements.
  • Managed SOX information security assessments.
  • Assess infrastructure improvements and audit for regulatory compliance such as HIPAA, PCI, SOX, COBIT/ISO frameworks.
  • Manage, PCI Compliance, SOX and the protection of Customer PII Data to protect overall information security.
  • Updated over 80 security policies and procedures to align with facility HIPAA, SOX and PCI/DSS compliance laws.
  • Provided documentation that systems were compliant with regulatory requirements of HIPAA, PCI, SOX, etc.
  • Engaged to design and implement an enterprise-wide information security program to achieve SOX and HIPAA compliance.
  • Provided significant contribution to lower one customer's SOX 404 ITGC controls from 56 to 32.
  • Manage the design and implementation of enterprise-wide J2EE/.NET applications to monitor and confirm SOX404 compliance.
  • Ensured compliance with various regulations such as Gramm-Leach-Bliley Act, SOX and ISO 17799.
  • Segment Information Security Officer for Ovations Administration responsible for HIPAA and SOX requirements.
  • Performed annual department review in developing and updating controls for SOX 404 program.
  • Developed training documentation for GLBA, SOX, AML and HIPAA compliance processes.
  • Led and delivered global IT SOX, PCI, PII (China, EU, and US) and HIPAA programs.
  • Ensured compliance with information security standards (ISO 17799 & 27001) & SOX 404.
  • Established HIPAA, NIST, OECD and SOX compliant IT policies.
  • Assure compliance with SOX, HIPAA, and government health mandates.
  • Prepared PCS for SOX and SEC compliance.
  • Led IT audit and privacy initiatives addressing FDA, SOX, and HIPAA requirements.
  • Spearheaded a SOX based control framework to reduce risk and audit exposure.

20. Governance

average Demand
Here's how Governance is used in Information Security Officer jobs:
  • Executed a system-wide assessment of information security operations resulting in necessary governance improvements to system wide network security administration and controls.
  • Partnered with the Corporate Policy Governance Team to lead the rewrite of Corporate Policy 401 Safeguarding Corporate Proprietary/Confidential Information.
  • Reviewed project plans, developed and interpreted organizational goals, policies and procedures relating to project governance.
  • Managed governance and risk analysis for a global financial data storage and relocation regularity project.
  • Established Project Management Office and Governance maximizing system investments and efficiency across lines of business.
  • Attained original PCI certification, and put in place governance that ensured successful re-certification.
  • Participated in and ran technology and security governance, and statewide initiatives.
  • Developed a Governance, Risk, and Compliance function and integrated risk assessment processes into the security program.
  • Utilized Archer Technologies (now EMC) Governance, Risk and Compliance (GRC) software.
  • Chaired and created a security governance committee with key stakeholders to prioritize efforts.
  • Created PMO and trained organization on common project portfolio governance standards and procedures.
  • Developed and managed the Information Security governance program for the Bank.
  • Created the Information Security Governance Committee and Security Test Groups.
  • Led security, risk and compliance strategy and managed governance.
  • Perform Information Security Governance role of the outsourced function.
  • Implemented enterprise-level security governance program securing 8+ million FAFSA financial records and multi-site call centers.
  • Partner with corporate compliance, privacy, and legal on governance, privacy, risk, and compliance matters.
  • Work closely with faculty, faculty council and other governance groups to vet policies and discuss IT initiatives.
  • Managed an IT Governance Office for 370+ professionals and a $17M annual budget.
  • Established EMR, Privacy and Security Governance, and Information and Privacy Office.

21. Information Technology

average Demand
Here's how Information Technology is used in Information Security Officer jobs:
  • Managed information technology operations and management services including delivery of communications, programming and computing services.
  • Research information technology security trends and products, and evaluate their cost effectiveness and feasibility.
  • Created processes for the inclusion of information security into daily business and information technology operations.
  • Implemented risk based metrics to evaluate and report on Security and Information Technology domains.
  • Provide advice to the VP of information technology in regulatory matters and information security.
  • Have carried out the internal audits and external regulatory carried out to information technology.
  • Determined acceptable risk levels and appropriate cost saving controls for mission critical information technology systems
  • Developed and maintained UTA's strategic information technology security plan and corresponding security budget.
  • Maintained a broad knowledge of state-of-the-art information technology security equipment, and systems.
  • Provide vision and leadership for developing and implementing information technology initiatives.
  • Investigate and respond to security policy violations regarding information technology resources.
  • Provide leadership and strategy for the integration of information technology services.
  • Mandated use of PMO and supporting technology for all projects State of New Jersey - Office of Information Technology
  • Develop, track, and control the information technology annual operating and capital budgets.
  • Assisted the University in its compliance with relevant information technology laws and policies.
  • Developed the college's Acceptable Use Policies and Information Technology related policies.
  • Acted as liaison for all Information Technology vendors and auditors.
  • Managed all Information Technology functions and employees for 20 locations.
  • Manage and respond to day to day Information Technology and Security issues.
  • Implemented an Enterprise-wide Information Technology security strategy for a Windows NT environment.

22. Cyber

average Demand
Here's how Cyber is used in Information Security Officer jobs:
  • Experienced with implementing Cybersecurity Best Practices for use with security engineers performing day to day operations for JSP/JP22 networking directorate.
  • Delivered a critical services and data security approach leveraging industry best practices, delivering tailored solutions around cyber security.
  • Improved relations with external partners to collaborate as partners in difficult cybersecurity and risk environment.
  • Revamped incident response including forensics retainer and cyber insurance.
  • Delivered a global cyber management program.
  • Developed a strategic partnership with Legal, BOD and Public Relations to ensure consensus on the Cybersecurity Program.
  • Manage Cyber Security Information Protection needs for BP Gasoline and Crude Oil Trading Organization located in Chicago.
  • Revised security and end user computing policies and procedures to comply with the new cyber security initiatives.
  • Manage the Cyber Security Program for a Department of Energy (DOE) scientific research laboratory.
  • Brand Protection in Cyber Security (Web, Search, Reputation, Scams).
  • Created cyber security outreach for business unit (structure and product/service offering).
  • Presented Cyber Security Risk Profile to New York State Chamber executives and Senators.
  • Oversee and manage the information and cyber security risk management program.
  • Serve as principal resource for cybersecurity for the FCC.
  • Developed and implemented a multi-year cyber security program leveraging industry framework.
  • Provide oversight to Cybersecurity program, as well as management, scope, and direction for FCC Cybersecurity Program goals.
  • Designed and maintained the Cybersecurity risk assessment and overall IT Risk assessment.
  • Selected to several international cybersecurity and security committees and boards; contributed and presented strategic guidance and directives to multi-national organizations.
  • Developed a roadmap to establish a defendable approach to cyber security.
  • Risk Mitigation and Business Continuity Management of Security Controls System Security Procedures Cybersecurity Applications

23. Security Management

average Demand
Here's how Security Management is used in Information Security Officer jobs:
  • Collaborate with corporate C-level management teams and subsidiaries to provide concrete guidance in information security governance and enterprise security management challenges.
  • Established the standard operating procedures for Security Management, Information Security, and Information Management for the Maneuver Center of Excellence.
  • Authored numerous security policies in support of security management, participating in regular audits to ensure regulatory compliance.
  • Reduced AH's CyberRisk insurance premiums due to recognized best practices in information security management.
  • Spearheaded the development, operations and maintenance of the Information Security Management System.
  • Provide expertise and ingenuity to the risk and information security management tasks.
  • Developed and managed the organization's Information Security Management Program.
  • Developed the Information Security management vision & strategy.
  • Lead Social Security Administration (SSA) audit that conforms to Federal Information Security Management Act (FISMA) standard.
  • Utilized experience in Network security management, security development and enterprise level solutions, supporting a 50,000 node V-LAN network.
  • Direct all aspects of leading the mandated information security program under the Federal Information Security Management Act of 2002.
  • Coordinate information security management and governance across AH's 19 hospitals, 150+ clinics, 39 rural health clinics.
  • Direct compliance of 80+ TSA Systems with the Federal Information Security Management Act (FISMA).
  • Lead, manage, and deliver the enterprise Information Security Management program for all US entities.
  • Provided on-site security management and engineering on Multi-Level Security (MLS) systems for AMC.
  • Evaluated ISMS (Information Security Management Systems) and Risks against ISO 27001 controls.
  • Implemented security management programs through industry standards, including ISO 27002 and COBIT.
  • Remained compliant with the Federal Information Security Management Act (FISMA)
  • Assist Office of Cyber Security in complying with the Federal Information Security Management Act (FISMA) and other security-related legislation.

24. Assurance

average Demand
Here's how Assurance is used in Information Security Officer jobs:
  • Chaired information security risk management governance oversight committee providing corporate level assurance of control implementation and function for compliance.
  • Evaluated vulnerability scans utilizing network scanning tools and software to notify system administrators of applicable Information Assurance Vulnerability Alerts.
  • Developed strategies and plans for identity management, federated identity, strong authentication, levels of assurance.
  • Assisted Software Engineering on incorporating product assurance and secure programming processes into the Development Life Cycle.
  • Conceptualized, created, led and matured a highly successful enterprise-wide information security and assurance function.
  • Collaborated on Defense Information Assurance Certification and Accreditation Process (DIACAP) instruction.
  • Analyze ALL information assurance-related technical problems and provided engineering and technical support.
  • Created and developed Information Assurance Vulnerability Alert policy and procedures.
  • Implemented metrics-based management solutions to run our Information Assurance business.
  • Developed sweeping IT governance program which incorporated ITIL, CMMI, and COBIT framework for executing process rigor and compliance measurements/assurance.
  • Directed State of Colorado's Information Assurance, Risk Management, and Compliance managed services programs.
  • Lead a Satellite Flight Operations (DoDD 8581 Information Assurance and FISMA) security assessment.
  • Served as the focal point for information protection and assurance for Lehman Brothers worldwide.
  • Tasked with the responsibilities of the development of the City Information Assurance program.
  • Implemented SSAE16 SOC1 and SOC2 program for client assurance.
  • Manage Quality Assurance staff for application testing and deployment.
  • Manage the IS function by implementing relevant security technology platforms that deliver information assurance for operational and business continuity initiatives.
  • Identified and managed information assurance during the integration of critical ERP and communication systems and the datacenter consolidations.
  • Direct all aspects of the overall operation of the TSA Information Assurance and Cyber Security Division.
  • Led the cyber security team and ensured tactical execution of cyber security plans for agency's information assurance office.

25. Security Requirements

average Demand
Here's how Security Requirements is used in Information Security Officer jobs:
  • Manage the vendor contracts regarding information security input and work to ensure vendor compliance to agreed upon information security requirements.
  • Consulted on information security requirements, and policy and control standards on proposed process changes on new and existing applications.
  • Fostered a change in culture that embraced new and challenging security requirements by improving communication and education.
  • Review network architecture designs and ensure projects meet development standards and adhere to security requirements.
  • Interpret and translate the information security requirements of the business IS programs into technical requirements.
  • Evaluate security solutions to ensure they meet security requirements for processing classified information.
  • Developed strategies and plans to achieve security requirements and address identified risks.
  • Drafted high-level, tactical, and strategic recommendations for security requirements.
  • Implemented security tools and technology to meet security requirements.
  • Validated network security requirements, local area network administrator.
  • Provide guidance on government mandated security requirements.
  • Organized, planned and implemented AH's strategy to meet Meaningful Use information security requirements across all Adventist Health entities.
  • Created and developed a Security Compliance team to assist the colleges in meeting COV security requirements and preparing for audits.
  • Develop, maintain and oversee policies, processes and control techniques to address all applicable information security requirements.
  • Assist HQ AMC in identifying security requirements for client/server-based MLS programs and facilities under AMC control.
  • Establish procedures to support IT security requirements, and support compliance measurement and reporting.
  • Review security requirements of all projects that contain IT components.
  • Review legal contracts providing language to ensure Assurant compliance or vendor compliance with appropriate security requirements.
  • Aligned 2015-16 Security Requirements with annual Forecasting & Budgeting roadmaps.
  • Review business associate contracts and practices to ensure HIPAA information security requirements are being met and enforced.

26. FISMA

average Demand
Here's how FISMA is used in Information Security Officer jobs:
  • Provided security industry leadership by speaking at national and regional conferences on subjects of Data Privacy, Compliance/Risk/Governance and FISMA/NIST Implementation.
  • Performed annual information security self-assessments for FISMA compliance.
  • Lead efforts and implemented strategies to achieve an accreditation status for the medical center during the FISMA 2016 audit season.
  • Created an aggressive strategy to establish security documentation to meet FISMA and NIST requirements under the Risk Management Framework.
  • Provide oversight to security projects to ensure that they meet FISMA requirements and follow NIST guidelines.
  • Considered extremely knowledgeable in utilizing the SMART database, the VA's FISMA compliance tool.
  • Coordinate compliance programs for applicable regulation (HIPAA, FERPA, PCI, DoD 8500, FISMA, CJIS).
  • Enforce compliance for federal regulations, including HIPAA, NIST, FISMA, HITECH, etc.
  • Phase two underway following a FISMA framework Security Architecture Lifecycle: Identified existing dated security controls and replaced with modern capability.

27. Access Control

average Demand
Here's how Access Control is used in Information Security Officer jobs:
  • Provided information risk management services including policy reviews, procedure development, access control, asset classification and compliance reviews.
  • Evaluated existing systems and provided recommendations on infrastructure upgrades, information systems architecture, access control systems and physical security.
  • Lead a team of information security professionals dedicated to core information security practices including identity management and access control.
  • Identified and Mitigated Risk: Created and managed internal access control monitoring that identified unique network behavior.
  • Consulted with Business Associates for physical security and access control mechanisms at off-site locations.
  • Reviewed access controls entitlements and provided reports to senior management on a quarterly basis.
  • Ensured proper addressing with access control, disaster recovery and risk management requirements.
  • Developed baseline security models and access control policies.
  • Managed several projects to ensure better access control, accountability, and log monitoring of the bank's systems.
  • Lead network, server, application, access control (Identity, IDS/IPS) system design and implementation efforts.
  • Serve as subject matter expert to director level staff on access control regulations and best practices.
  • Experience planning, organizing, and administering Resource Access Control Facility (RACF) access.
  • Administered Network Access Control devices to control the integrity and security of the network.
  • Assisted with the implementation of a role-based access control single sign on system.
  • Implemented Cisco ISE system for Wireless Access control for the county wireless.
  • Implemented User ID & Password Provisioning and Role Based Access Control.
  • Investigate possible security violations through access control audits and CCTV.
  • Report writing and access control to property.
  • Access Control granting, revoking and monitoring.
  • Provided access control to multiple buildings.

28. CIO

average Demand
Here's how CIO is used in Information Security Officer jobs:
  • Reported to Global Information Security Officer with dotted line responsibility to Shared Services CIO.
  • Oversee program operations and business development on Internal Revenue Service TIPPS 4, CIO SP3, and commercial opportunities and contracts.
  • Provide strategic-level security leadership and security operations oversight to the HP Global IT infrastructure and Operations (ITIO) CIO.
  • Worked with CIO to enhance security efficiency and capabilities, right-size staff, and reduce spend by 50%.
  • Worked with CIO in establishing centralizing AWS management as well as the CTO/Applications in establishing a cloud development environment.
  • Stepped in to fill an additional IT leadership role during CIO transition while continuing to shoulder CISO responsibilities.
  • Deployed a corporate wide Intrusion Detection System (SNORT) to monitor suspicious network activity.
  • Deployed tools utilizing the new aggregation infrastructure resulting in the detection of malicious traffic.
  • Assisted CIO in creating IT integration plan for upcoming acquisition of Sun Health
  • Observed CCTV monitors for suspicious activity in and around the facility.
  • Created security-conscious culture through policy, training, and education.
  • Worked with the CIO to establish a Governance Model.
  • Participate in CIO and SVP level leadership teams and meetings
  • Collaborated with the CIO, Audit, and business.
  • Serve as the primary advisor to the Chief Information Officer (CIO), regarding all agency-wide IA issues.
  • Provided expert advice, recommendations, and representation to the Deputy Secretary and CIO in all areas of cybersecurity.
  • Installed enterprise level anti-spam appliance that resulted in 80 percent drop in emails with malicious malware.
  • Assisted the CIO in establishing the City's first multi-tier Security IT governance structure.
  • Deployed corporate Security roadmap and scorecard sponsored by the COO and CIO.
  • Developed and delivered Cybersecurity presentations to private equity firm CIOs and Board representatives.

29. Security Incidents

average Demand
Here's how Security Incidents is used in Information Security Officer jobs:
  • Led creation of Incident Reporting and Response System to document information security incidents, alleged security policy violations and external complaints.
  • Collaborate closely with state and federal authorities to ensure policy compliance and to report on security incidents.
  • Developed security incident prevention and response program and serve as central point of coordination for security incidents.
  • Increase the reporting of security incidents through consistent communication, expectations, and resolution.
  • Acted as the primary control point during significant information security incidents.
  • Investigate and recommend appropriate corrective actions for IT security incidents.
  • Liaised with customers with regards to information security incidents.
  • Investigated and ensured documentation of security incidents and problems
  • Established incident response program for information security incidents.
  • Analyzed security incidents and escalation of security events.
  • Handle security incidents including employee misconduct.
  • Manage security incidents and forensic activity.
  • Minimized security incidents through the development of various policies, procedures, standards and guidelines and periodic compliance reviews.
  • Started a creative security training and education program that reduced security incidents by 8%.
  • Monitor systems logs, PHI access, and handles security incidents and security endpoint failures.
  • Managed security incidents, confidential matters and events to protect corporate IT assets.
  • Saved $200,000 annually by reducing number of security incidents 55%.
  • Investigated and remediated security incidents.
  • Evaluated security incidents as they occurred and provided research and proper responses to state government in a timely manner.
  • Detect, respond and document security incidents discovered on bank's information systems in a timely manner.

30. GLBA

low Demand
Here's how GLBA is used in Information Security Officer jobs:
  • Executed on PCI Level 1 compliance, HIPAA and HITECH, GLBA, protecting the sensitive customer data entrusted to SoundBite.
  • Created, successfully implemented and managed the SOX, GLBA, HIPAA and PCI compliant Information Security Awareness and Training Program.
  • Keep all the documentation based on all bank regulations, FED, SEC, FDIC and according with GLBA.
  • Ensured compliance with the provisions of the Gramm-Leach-Bliley Act (GLBA) and requirements of PCI-DSS.
  • Perform business unit security process reviews on high risk processes in support of the GLBA Testing Program.
  • Implemented GLBA and SSAE16 regulatory compliance programs for two large customers within 1st 60 days.
  • Maintain Security Framework (ISO) to assure GLBA-FFIEC-PCI compliance for all its financial customers.
  • Coordinated all IT audits including SOX, GLBA, PCI, and annual financial audit.
  • Coordinated Regulation P / GLBA / Mass 201CMR risk assessment, and remediation plans.
  • Implemented a Bank wide Information Security and GLBA Privacy Compliance Program.
  • Oversee the GLBA information security risk management program.
  • Project led GLBA Risk Assessment.
  • Maintained SOX, EU Privacy Directive, Safe Harbor, HIPAA, PCI, FCPA, GLBA etc.
  • Maintained compliance with NIST, GLBA, PCI, and FERPA.
  • Completed Meaningful Use Stage 2 compliance and abated breach impact under HIPAA, FERPA and GLBA reporting guidelines.

31. Business Units

low Demand
Here's how Business Units is used in Information Security Officer jobs:
  • Implemented and promoted a security-minded culture that enhanced information security risk management through strategic partnerships with executive management and business units.
  • Developed and maintained security assessment methodology, technology, and reporting metrics for all business units.
  • Worked with business units to analyze audit findings and help develop procedural strategies for remediation.
  • Produced and disseminated Security Awareness Training affecting employees of all business units in scope.
  • Established partnerships with HR, Legal, Compliance, Ethics, Internal Audit, numerous global business units and IT.
  • Instituted security improvement plans as necessary for business units to achieve appropriate risk levels and compliance with policies and standards.
  • Led technology transformation in and across business units, worked with senior staff to incorporate new systems and solutions.
  • Risk Classification - Interviewed all IT departments and key business units to identify and categorize all technical resources i.e.
  • Collaborated with the various business units on setting up new accounts and reports for internal and external clients.
  • Developed via Scrum-based Agile environment, in close consultation with all business units, spanning 10+ years.
  • Implemented a single ERP solution for all business units, establishing a single ecosystem for the organization.
  • Worked with business units to ensure that patient data subject to protection under HIPAA is properly controlled.
  • Directed First Data's InfoSec strategy and posture and managed InfoSec staff across forty business units.
  • Negotiated vendor agreements for various business units, including marketing, sales, and engineering.
  • Partnered with business units to understand needs within the organization and provide solutions.
  • Work with business units to close security gaps and initiate risk acceptance.
  • Provided IT services for multiple business units operating 24x7 real-time processing systems.
  • Worked with Business units to gain SOC 2/ HI Trust attestations.
  • Worked with business units and vendors to identify security control requirements, establish assessment process and address/remediate weaknesses.
  • Evaluate Cybersecurity threats that may impact the business units and analyze the potential impact.

32. Penetration Tests

low Demand
Here's how Penetration Tests is used in Information Security Officer jobs:
  • Ensured system safety and security for both University assets and students through penetration tests and vulnerability assessments.
  • Conducted extensive and routine external-view penetration tests and security audits of all network borders.
  • Conducted active penetration tests; discovered vulnerabilities in information systems.
  • Conduct vulnerability scans and penetration tests.
  • Conduct penetration tests, review system logs, configure firewalls, configure anti-virus software, and manage web proxy.
  • Lead third-party risk assessments, Enterprise Penetration Tests, and Threat and Vulnerability Management processes.
  • Conducted in-depth penetration tests and static code analysis in support of assessment process.
  • Coordinated security penetration tests, audits and risk assessments by third parties.
  • Managed external Penetration Tests, compliance and IT controls reviews.

33. Audit Procedures

low Demand

34. Software Development

low Demand
Here's how Software Development is used in Information Security Officer jobs:
  • Provided information security risk assessment and consulting for software development projects.
  • Lead organizational software development strategies and software customization initiatives.
  • Create and document plans to account for business continuity, networking, security and software development across four corporate sites.
  • Risk assessment driver and approved changes in the SDLC (AGILE) software development for bi-weekly software changes/updates/new features.
  • Perform cost analysis for new and proposed software development projects.

35. Active Directory

low Demand
Here's how Active Directory is used in Information Security Officer jobs:
  • Included Active Directory user, and distribution/security group management, day-to-day maintenance, performance tweaking, troubleshooting, and disaster recovery.
  • Managed Microsoft Windows Servers/Workstations Operating Systems security configuration through Microsoft Active Directory and Group Policy Management.
  • Coordinated corresponding updates to related platforms such as active directory and building access control.
  • Administer user accounts and permissions utilizing Windows 2000 Active Directory.
  • Experienced in the installation and administration of Windows Active Directory.
  • Created HDI's centralized Active Directory security model
  • Configured and maintained Microsoft Active Directory services.
  • Managed Active Directory Security and Group Policy.
  • Managed Active Directory of 600 users, created accounts and managed e-mail using Microsoft Exchange Information Management Officer (IMO).
  • Create users and groups in Active Directory on the unclassified, classified, and isolated networks.
  • Reviewed and approved tickets to create new Organizational Units within Active Directory.
  • Installed and managed Microsoft Server 2005, Active Directory and Exchange Server.
  • Added, deleted, unlocked end users to network via Active Directory.
  • Evaluated and approved changes to systems and active directory.
  • Administer ECAT, Active Directory, SharePoint platforms.
  • Configured and supported Native 2008 Active Directory Forest.
  • Managed over 1000 user accounts (active directory); monitored security event logs; managed all trouble tickets using Remedy
  • Led migration from Novell Netware, Windows 2000 and NT 4.0 mixed domain to flat Windows 2003 Active Directory.
  • Experienced in Msoft applications and help desk support Strong understanding of DNS, DHCP and Active Directory.
  • Developed the enterprise migration plan from Novell Netware to Windows Active Directory 2003.


36. Intrusion Detection

low Demand
Here's how Intrusion Detection is used in Information Security Officer jobs:
  • Led comprehensive security infrastructure upgrades (e.g., firewall/VPN upgrades, intrusion detection, token-based authentication and remote management)
  • Established global policies and standards for vulnerability management, threat monitoring, intrusion detection, and incident response.
  • Manage several security consultants and developers that were responsible for intrusion detection, policies and procedures.
  • Reviewed third party intrusion detection methodologies and equipment, preventive and reactive measures and data transition.
  • Implemented Network Intrusion Detection architecture with monitoring provided by a SANS recommended managed security service provider.
  • Utilized Intrusion Detection and Prevention Technologies for alerting and responding to insider and outsider attacks.
  • Implemented the first 24x7-intrusion detection and vulnerability assessment program at the Pentagon.
  • Developed countywide WAN topology with firewalls and intrusion detection systems.
  • Implemented a reliable, integrated network/host-based intrusion detection/prevention system.
  • Managed intrusion detection system and firewall changes and configuration.
  • Conceived and deployed host/network intrusion detection services.
  • Analyzed and resolved a variety of configuration errors within the setup of the company's intrusion detection system.
  • Planned, installed, configured and managed Intrusion Detection System for corporate VPN.
  • Managed on premises Intrusion Detection and Prevention system for over 10 years.
  • Architected and implemented host- and network-based intrusion detection systems and monitoring.
  • Experience implementing content filtering, intrusion detection and prevention, firewalls, antivirus, secure authentication, etc.


37. Staff Members

low Demand
Here's how Staff Members is used in Information Security Officer jobs:
  • Conducted information security awareness training sessions during Professional Development days for instructors and staff members.
  • Developed and delivered a cost-effective security service company in collaboration with six staff members.
  • Improved relationship between auditors and division staff members by managing the relationships and giving audit assessments proper due diligence.
  • Manage a global team of 20 security staff members dispersed in domestic and international office locations.
  • Keep a current record of staff members' whereabouts and availability.
  • Mentor and help develop skill sets of security staff members.
  • Relay organization plans regarding IT operations to staff members.
  • Monitored annual operating budget of $5 million and supervised 11 IT staff members.


38. Business Goals

low Demand
Here's how Business Goals is used in Information Security Officer jobs:
  • Developed, established and maintained multiple information security policies supporting business goals, objectives, and applicable laws/regulations.
  • Authored local security policies and guidelines in strategic alignment with business goals.
  • Drive adoption of security technologies to achieve strategic business goals (e.g.
  • Mapped core business goals to cyber risk potential and mitigation.


39. Service Level Agreements

low Demand
Here's how Service Level Agreements is used in Information Security Officer jobs:
  • Negotiated enterprise security hardware, software, and services purchases and service level agreements.
  • Monitor Service Level Agreements with IT and Information Security Service Provider.


40. Executive Management

low Demand
Here's how Executive Management is used in Information Security Officer jobs:
  • Identify security risks to Brands and evaluate/recommend appropriate security measures, from a strategic perspective in order to help executive management.
  • Led incident response for security and safety incidents to executive management and other entities as legally and contractually required.
  • Develop and deliver formal oral presentations to MeritCare Executive Management relating to privacy and information security matters.
  • Deliver briefings and updates on security related topics to executive management on an as-needed basis.
  • Advised executive management, internal and independent auditors in all areas of Information Security.
  • Presented quarterly information security status updates to Executive Management and Audit and Risk Committee.
  • Provide Information Security Posture reporting to Executive management team for Home Loans.
  • Provide executive IT leadership to steering committees and executive management board.
  • Advise Executive Management on information security risk issues.
  • Worked with executive management for formal approval.
  • Provide various reports, metrics, dashboards, and other data to be used by Executive Management in decision making.
  • Identified and formalized key risk metrics used to measure and report risk levels and trends to executive management and board.
  • Worked with Executive management to provide security status and compliance updates to the company's Board of Directors.
  • Reported directly to the CEO and was a member of the Executive Management Team.
  • Worked with executive management to determine acceptable levels of risk for the enterprise.
  • Consulted the CEO and senior executive management.
  • Created regular security reports to demonstrate compliance to executive management and customers to provide validation that contractual requirements were met.
  • Supervised 20-person organization and provided Executive Management & Entrepreneurial Leadership from startup through growth and maturity stages.
  • Provided executive management quarterly state of security briefs on the security stance of kajeet.
  • Provide subject matter expertise to executive management on a broad range of information security standards and best practices (e.g.


41. VPN

low Demand
Here's how VPN is used in Information Security Officer jobs:
  • Provided professional services support focusing on secure application integration, VPN communication, security audits, and secure data delivery solutions.
  • Consult territories on all security matters including Firewall configuration (Checkpoint/Cisco PIX) and VPN implementation.
  • Implemented firewalls, routing and switching SSLVPN, IPS, web content filtering, email content filtering, and two-factor authentication.
  • Implemented RSA 2-factor authentication for VPN, SSH and Server access to provide greater controls over access to critical systems.
  • Led the project to convert 900 remote computers from dial-up to VPN, saving over $100,000 per month.
  • Enter information into the VPN and PKI portal and provides users with welcome letter and software.
  • Created and deployed security architecture utilizing PKI, VPN, and access zones for BoD meetings.
  • Improved federated access control utilizing RDP - Remote Desktop Protocol, VPN and RSA SecurID.
  • Managed Security Incident reporting, VPN, and PKI technologies throughout the CMOP's.
  • Manage Primary ASA 5540s that are used for Firewalls and client VPN termination.
  • Facilitated the installation of VPN remote access solution for support associates.
  • Upgraded the agency remote access from windows PPTP to 128 bit encryption using Cisco IPSEC client and clientless Web VPN service.
  • Evaluated and implemented regional VPN/ADSL and Cisco PIX firewalls - resulting in $100,000+ annual savings.
  • Created, edited, and removed user accounts from AD, VPN, and Logon.
  • Installed Watchguard VPN support for remote users working from home with VoIP support.
  • Managed multi-site AT&T VPN and security system.
  • Deployed SSL VPN to 100 Sales, Marketing and IT staff on Cisco ASA 5520 hardware.
  • Implemented and enforced security measures including VPNs, stronger encryption (e.g.
  • Architected and administered corporate VPN running on Cisco and Nortel platforms.


42. Cobit

low Demand
Here's how Cobit is used in Information Security Officer jobs:
  • Deployed industry standard practices including those in the COBIT framework, NIST standards and OCTAVE audit framework.
  • Established new IS standard policy/procedure utilizing ISACA COBIT and NIST 800 for control standards.
  • Consulted to General Motors on IT controls compliance leveraging ITIL and COBIT frameworks.
  • Defined COBIT based Sarbanes-Oxley IT controls matrix and performed quarterly testing.
  • Execute on SOX, COBIT, ISO 17799, PCI DSS, and C-TPAT compliance for distributed and mainframe operations.


43. Siem

low Demand
Here's how Siem is used in Information Security Officer jobs:
  • Spearheaded Infrastructure and Network security initiatives and projects, established and managed SIEM and Vulnerability Management frameworks.
  • Deployed, configured, and monitored IDS/IPS and SIEM systems for unauthorized activity, detecting anomalies and stopping all attempted attacks.
  • Manage Security Operations Center (SOC) utilizing 10 Q1 Labs SIEMs, monitoring over 800 million transactions a day.
  • Implemented a full stack SIEM solution using ELK stack and Python modules with zero cost to the company.
  • Implemented and led the security audit log monitoring (SIEM) for local applications and platforms.
  • Analyze logs and create/maintain policies within our Endpoint Security Package, QRADAR SIEM and firewall tools.
  • Led the pilot build out of a Security Information and Event Monitoring (SIEM) framework.
  • Captured data crucial to ending corporate espionage by implementing a SIEM logging and alarm system.
  • Established campus-wide SIEM infrastructure, an outgrowth of earlier efforts to establish central logging facilities.
  • Implemented SIEM, IDS, along with Governance to ensure success and regulatory requirements.
  • Led development and implementation of SIEM, log management, and IDS systems.
  • Deployed SPLUNK and its SIEM for centralized log collection and analysis.
  • Implemented a global SIEM approach covering with follow the sun monitoring.
  • Implemented a SIEM product called CinXi by NetForensics.
  • Deployed FireEye and Log Rhythm SIEM product.
  • Implemented new security tool suites, system integrations, and correlations with security information and event management (SIEM).
  • Planned, budgeted and implemented anti-malware solution and SIEM product deployment.
  • HEAT Endpoint Management, Cisco ASA/FirePOWER NGS firewalls, Barracuda WAF, Splunk SIEM).


44. Systems Performance

low Demand
Here's how Systems Performance is used in Information Security Officer jobs:
  • Created IT Compliance scorecards and communicating monthly senior management reports for IT security and systems performance metrics.


45. DOD

low Demand
Here's how DOD is used in Information Security Officer jobs:
  • Provided technical support to DoD and Federal Agency personnel in the implementation of information engineering projects.
  • Provided executive level incident reports and monthly intrusion analysis data for senior DoD leadership.
  • Ensured Department of Defense (DOD) computer systems integrity through random testing, system analysis and firewall monitoring.
  • Develop and maintain IA and IT programs required to establish and maintain compliance with DOD directives.
  • Certified internal and external cloud environments for HHS, FDA, DoD, DoE program environment.
  • Managed and ensured all AIS systems were operated in accordance with applicable DoD directives.
  • Locate and contact the DOD point of contact for the return of old equipment.
  • Briefed senior (Secretary Level) DoD members as required.
  • Operate facility in compliance with AFMC and DOD standards.
  • Maintained a working knowledge of the AR 25-2, DIACAP, SSAA processes and DoD IA policies.
  • Performed OMB A-123 financial audits for DoD (ATF).
  • Key Contributions: Protected sensitive information by strictly adhering to DOD security guidelines.
  • Conducted Training sessions at 48 US DOD Bases including Ramstein Germany, UK, South Korea, Guam and Japan.


46. Capital Expenditures

low Demand
Here's how Capital Expenditures is used in Information Security Officer jobs:
  • Designed and established the Information Security Office, including organization, cost center, resources and capital expenditures.


47. Test Cases

low Demand
Here's how Test Cases is used in Information Security Officer jobs:
  • Created development plans, project documentation, and test cases.


48. Continuous Delivery

low Demand
Here's how Continuous Delivery is used in Information Security Officer jobs:
  • Organized sectional teams around continuous delivery principles to increase organizational throughput as well as automate processes to deliver predictable services consistently.


49. Operational Planning

low Demand
Here's how Operational Planning is used in Information Security Officer jobs:
  • Lead IT strategic and operational planning.


50. Enterprise-Wide Disaster Recovery

low Demand
Here's how Enterprise-Wide Disaster Recovery is used in Information Security Officer jobs:
  • Led development, testing, and implementation of cost effective enterprise-wide disaster recovery plan supporting readiness for catastrophic event.


20 Most Common Skill for an Information Security Officer

  • Ensure Compliance: 15.5%
  • Risk Assessments: 6.3%
  • Information Security Policies: 6.1%
  • Information Security Program: 5.3%
  • Recovery Procedures: 5.3%
  • Infrastructure: 5.1%
  • ISO: 5%
  • Risk Management: 5%

Typical Skill-Sets Required For An Information Security Officer

| Rank | Skill | Percentage of Resumes |
|---|---|---|
| 1 | Ensure Compliance | 11.2% |
| 2 | Risk Assessments | 4.5% |
| 3 | Information Security Policies | 4.4% |
| 4 | Information Security Program | 3.8% |
| 5 | Recovery Procedures | 3.8% |
| 6 | Infrastructure | 3.7% |
| 7 | ISO | 3.6% |
| 8 | Risk Management | 3.6% |
| 9 | Vulnerability Assessments | 3.6% |
| 10 | Hipaa | 3.4% |
| 11 | Business Continuity Plan | 3.3% |
| 12 | Incident Response | 3.2% |
| 13 | Deliver Information Technology | 3% |
| 14 | Security Awareness | 2.8% |
| 15 | Data Privacy | 2.7% |
| 16 | Architecture | 2.6% |
| 17 | Administer Contracts | 2.5% |
| 18 | Pci-Dss | 2.3% |
| 19 | SOX | 2.1% |
| 20 | Governance | 2.1% |
| 21 | Information Technology | 2% |
| 22 | Cyber | 1.7% |
| 23 | Security Management | 1.5% |
| 24 | Assurance | 1.5% |
| 25 | Security Requirements | 1.2% |
| 26 | Fisma | 1.1% |
| 27 | Access Control | 1.1% |
| 28 | CIO | 1.1% |
| 29 | Security Incidents | 1.1% |
| 30 | Glba | 1.1% |
| 31 | Business Units | 0.9% |
| 32 | Penetration Tests | 0.9% |
| 33 | Audit Procedures | 0.9% |
| 34 | Software Development | 0.9% |
| 35 | Active Directory | 0.8% |
| 36 | Intrusion Detection | 0.8% |
| 37 | Staff Members | 0.8% |
| 38 | Business Goals | 0.8% |
| 39 | Service Level Agreements | 0.7% |
| 40 | Executive Management | 0.7% |
| 41 | VPN | 0.7% |
| 42 | Cobit | 0.7% |
| 43 | Siem | 0.6% |
| 44 | Systems Performance | 0.6% |
| 45 | DOD | 0.6% |
| 46 | Capital Expenditures | 0.6% |
| 47 | Test Cases | 0.6% |
| 48 | Continuous Delivery | 0.6% |
| 49 | Operational Planning | 0.6% |
| 50 | Enterprise-Wide Disaster Recovery | 0.6% |
