GENERAL STATEMENT OF JOB

Under general supervision, this remote position is responsible for maintaining a proactive IT security posture; guarding company and customer data; monitoring, containing, and remediating IT threats on a day to day basis; installing, administering, and troubleshooting IT security solutions; creating documentation of IT security procedures, policies, and controls; running system reports; maintains up-to-date knowledge of cybersecurity systems and methodologies. Remote staff should maintain a virtual presence to office staff and be prepared to be physically present with 1.5 hours of being notified due to an emergency or request by the supervisor. Reports to the Technology Manager.

SPECIFIC DUTIES AND RESPONSIBILITIES

1.      Monitor and protect network, server, workstation, and IoT devices from cyberattacks and run appropriate defensive protocols if a breach occurs.

2.      Conduct network and server audits and scans to identify security vulnerabilities and violations. Perform risk analysis and write regular systems status reports.

3.      Maintain knowledge of current cybercrime tactics. Develop new protocols, layers of protection, and other proactive and defensive systems for remaining ahead of cybercriminals. 

4.      Plan and implement changes to increase the overall IT security posture and cohere with industry best practices. Update configurations and apply necessary security patches to protect network, server, workstation, and IoT devices.

5.      Completes industry standard questionnaires and surveys to assess the overall cybersecurity position; coordinates with IT staff to remedy deficiencies. 

6.      Manage and configure security tools.

7.      Develop and maintain incident response processes and procedures.

8.      Maintain documentation of security guidelines, procedures, standards, and controls.

9.      Prepare investigation reports that document security concerns and/or violations.

10.  Lead employee training to prevent phishing and other forms of cyberattack.  Training includes online and classroom style training.  Meets with employees to provide education on cybersecurity.   

11.  Complete annual PCI questionnaire; ensures compliance and performs monthly PCI network scans.

12.  Develop and update business continuity and disaster recovery protocols. 

13.  Provides recommendations to protect sensitive company and customer information.

14.  Interacts with various individuals and groups such as system users, management, vendors, consultants and other technical support staff.

15.  May serve as project manager on cybersecurity projects.

16.  May perform technical tasks related to correcting cybersecurity issues.  

17.  Assist in planning and completing projects assigned to IT as needed.  

18.  Other duties as assigned.

MINIMUM TRAINING AND EXPERIENCE

An Associate’s Degree in computer science or related technical field, supplemented by five (5) years of experience in computer and/or security operations, or a Bachelor’s Degree in computer science or related technical field, supplemented by three (3) year of experience is required. Certifications are a plus. Or possession of any equivalent combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this job.