Provide technical expertise and support to users and IT management in risk assessments, implementation, and operational aspects of appropriate information security procedures and products to ensure the confidentiality, integrity, and availability of enterprise information and computing infrastructure against unauthorized disclosure, and modification, and accidental or intentional loss of data.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
•Provide expertise to computer system end users concerning issues such as computer data access needs, security violations, and system or programming changes.
•Document computer security and emergency actions set forth in policies, standards, procedures and guidelines.
•Identify, investigate, and recommend appropriate corrective actions for information security incidents and potential threats, and respond to reported security violations.
•Identify causes of security violations, and recommend and implement corrective action to ensure information systems security.
•Enforce security policies and support existing systems in accordance with policies, standards, guidelines, and procedures.
•Participate in the evaluation, development, and implementation of security standards, procedures, and guidelines for specific system environments to enhance information systems security and prevent the unauthorized use, release, modification, or destruction of data.
•Assist in developing security awareness materials, presentations, training sessions, and communications, to promote information security awareness.
•Work with management to identify sensitive and critical data, understand organizational security needs, and develop procedures to accommodate those needs.
•Conduct information security risk assessments on an enterprise-wide basis and participate in the development of risk programs to achieve required risk tolerance levels.
•Provide level 3 support for a wide range of highly complex information security issues including secure architectures, secure electronic data traffic, network security, and data security and privacy. •Participate in the design, development, evaluation, and integration of highly complex computer systems and networks to maintain system security.
•Perform software code review to ensure adherence to security best practices.
•Perform and/or coordinate forensic/external analysis of networks and systems as required by security incident response, or upon request from the legal department.
•Test and implement appropriate information security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery.
•Maintain an awareness of existing and proposed security standard setting groups, and regulations pertaining to information security.
•May administer user access and maintain records of authorized users.
•May train less experienced personnel in technical complexities of assigned work.
•Perform all other related duties as assigned.Qualifications
•Education: Bachelor’s degree (B.A./B.S.) or equivalent in computer science or related discipline.
•Experience: Minimum of 6 years related experience in IT, with 4+ years in an information security or compliance role.
•An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.
•Certification/Licensure: IT security related certification preferred (e.g., CISSP, CISA, GIAC, or similar professional certification).
Understanding of HIPAA-HITECH, PCI, SOX, GxPs, Data Privacy regulations, etc.
Familiarity with security controls relating to antivirus/antimalware, firewalls, DLP, Network Access Control, SIEM, and other similar products/technologies.
Experience with global systems and regulations
Knowledge of IT and information security best practices.
Working knowledge of programming languages to facilitate code review
Able to handle moderate to complex problem resolution with minimal supervision.
Experience in risk assessment, audit, and IT security assessments.
Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.
Must have effective communication skills and strong interpersonal skills including influencing & aligning.
Equal Employment Opportunity
Charles River Laboratories, Inc. is an Equal Opportunity Employer M/F/Disabled/Vet