Information Security Officer (ISO)
United Food and Commercial Workers International Union (UFCW) · Washington, DC
The Information Security Officer serves as the process owner of all activities related to the availability, integrity, and confidentiality of information in compliance with the organization's information security policies. A key element of the ISO's role is working with the Cloud and Infrastructure Administrator and executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining an organization-wide information security management program to ensure that information assets are adequately protected.
The position will be in our Washington, DC office.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Develops, implements, and monitors a strategic, comprehensive enterprise information security and IT risk management program. This includes identifying threats, assessing vulnerabilities, determining risk and monitoring network activity. Must stay current on security technology and threats. Maintaining a current skillset is required.
Implements, maintains, and monitors all network server security systems (protecting against both physical and virtual attacks) and ensures that all systems have a fully tested and operational backup and disaster recovery plan. Performs regular backup operations and implement appropriate processes for data protection, disaster recovery, and failover procedures.
Creates, maintains, and ensures implementation of network security policies for all users. Identify, prioritize, and implement tools and technologies to continuously improve network security policies for all users. Evaluates the effectiveness of existing security measures, such as firewalls, password policies and intrusion detections systems.
Administers measures to thwart malware, ransomware, and other forms of network attacks. Must keep security policies and software up to date. Provides and conducts training of headquarters and field staff as needed regarding UFCW security measures and policies.
Follows departmental standards and assists in preparing and updating documentation. Communicates with Network Support as needed to ensure that policies are followed at all levels of the organization. Demonstrates a high sense of ownership of all network problems.
Assists with the overall business technology planning, providing current knowledge and future visions of emerging technology and systems.
Present briefings and assist with ensuring consistent reporting of risk assessments, metrics, overviews of emerging technology, information security incidents and ongoing investigations.
Works with the Cloud and Infrastructure Administrator to develop & deploy security-related infrastructure changes.
Works with others in IT and vendors to develop a workable security strategy. Contributes to team effort by working with other department staff. Maintains the security of UFCW operations by keeping information confidential.
QUALIFICATIONS AND EXPERIENCE
- Bachelor’s Degree in one of the following subject areas: Computer Science, Cyber Security, Information Technology, or related field required. Five or more years of Cybersecurity and VMware experience required. Strong background in Cisco network security and VMware. Keeping these skills current is required.
- Familiarity with configuration & administration of the following technologies: Windows Server, Cisco routers, switches, and ASA security appliances, Cisco Prime, ISE, Umbrella, FirePower, Stealthwatch, Cloudlock, AMP, AnyConnect, VMware vSphere (including NSX and HCX), and Barracuda load balancers.
- Large breadth of knowledge and experience across the information security domain, such as endpoint security, Intrusion Detection Systems (IDS), identity management, vulnerability management, incident response, and threat intelligence.
- Experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating diverse data sets.
- Experience in developing and implementing security tools and managing infrastructure. Experience in system and network administration across multiple platforms and environments, to include Azure.
- Good understanding of the organization’s goals and objectives. Must have initiative an ability to take ownership of an issue. Must be able to balance conflicting demands and changing priorities and anticipate future needs.
- Must be able to use discretion, follow department protocol, handle a wide range of sensitive situations, and recognize when to refer to a higher level.
- Must be organized and work quickly and accurately under deadlines. Strong interpersonal skills are required. Must be able to work professionally and effectively with department staff and staff at all levels of the organizations as well as external contacts and affiliates.
- Ability to work without direct supervision. Ability to work in a team-oriented, collaborative environment.
- Work may be fast paced and intense with multiple priorities. Must be able to handle stressful situations in a timely and professional manner.
- Some travel and irregular hours required.
Certifications Required: Certified Information Security Auditor (CISA)
Certifications Preferred (or equivalent experience):
- Microsoft Certified Solutions Associate (MCSA)
- Cisco Certified Network Associate (CCNA)
- Cisco Certified Network Professional (CCNP)
- VMware Certified Professional (VCP)
COMPENSATION: Salary commensurate with experience. Generous benefits.
DURATION: Full-time position; posting closes when position is filled.
UFCW is committed to staff diversity. We welcome qualified people of all backgrounds to apply. UFCW is an equal opportunity employer. Reasonable accommodations will be provided pursuant to the Americans with Disabilities Act (ADA).