What are the responsibilities and job description for the Information Security Admin position at CSS Tec?
Job Details
Information Security Administration
Direct Hire
5 Days a Week - Wilmington Delaware 19802
Our client, a Wilmington, DE based Precious Metals and Trading Services Company, is seeking an Information Security Administrator to join their growing team! This exciting role is a Direct Hire opportunity. Our client is seeking an individual local to their Wilmington office so they can work on-site 5 days a week. This position is not offering sponsorship at this time.
Responsible for overseeing and managing the company's information security compliance programs. This role ensures that all security measures are in place, compliance reports are accurate, and access controls are effectively managed. The specialist will also oversee vendor management, security training, incident response, and various other internal control and security-related tasks to maintain the integrity and security of the company's information systems and processes.
Responsibilities:
- Prepare, obtain, and review compliance report data on a monthly, quarterly, semi-annual, and annual basis. Resolve any issues identified in the reports and ensure the reports meet information security standards. Maintain accurate records of all compliance reports.
- Execute termination compliance on the same day as the termination announcement by ensuring facility, Active Directory (AD), and Identity Management (IdM) access is disabled. Keep accurate records of all termination compliance activities.
- Manage User Access Control (UAC) forms, Group Access Control (GAC) forms, Secure File Transfer Protocol (SFTP) access forms, and other control forms as required. Identify the appropriate forms to use and the required information to fill them out.
- Review access requests to ensure they follow the company's least privilege policy. Audit data and records for accuracy and maintain organized and accurate records for all access-related activities, including onboarding, changes, and terminations.
- Understand and manage vendor contracts, scope of work, renewal dates, and vendor contacts.
- Attend monthly meetings with vendors and digest monthly reports, following up on any necessary actions. Responsible for reporting risks and managing remediation efforts.
- Complete security questionnaires, customer assessments, and due diligence reviews.
- Manage the annual penetration test with vendors, including identifying the scope, preparing the company for the test, scheduling, monitoring, reviewing results, and managing remediation items through to successful completion of the retest.
- Plan and execute annual incident response tabletop exercises with stakeholders to ensure readiness for security incidents.
- Assist the Business Continuity Manager in evaluating and testing the information security aspects of disaster recovery and business continuity plans.
- Create, plan, and coordinate training sessions and security awareness programs to educate employees on information security best practices, internal control procedures, and the importance of data protection. Conduct security awareness onboarding training within 30 days of a new employee's start date. Provide annual training for all staff at all locations, with specialized sessions for staff with admin access privileges. Ensure PCI compliance training requirements are met. Conduct ongoing phishing training through simulated phishing attacks and interactive workshops. Maintain the training schedule to ensure adherence to standards. Document and record all training content and attendance for compliance.
- Manage Information Security department tickets received through the internal ticketing system, analyze and set priority order, and execute efficiently.
- Immediately investigate risky login notifications and work with vendors to identify the severity of threats, resolve and mitigate the issue. Responsible for notifying the Chief Information Security Officer (CISO) of threat detection.
- Attend all regularly scheduled meetings, including daily IT stand-ups, backlog meetings, sprint reviews/demos, and monthly vendor reports.
- Utilize tools to perform vulnerability scans and resolve issues or failed scans.
- Develop and update records of processes and procedures for all department functions. Evaluate ways to streamline processes and recommend changes to enhance efficiencies.
- Manage the shared inbox. Responsible for responding to inquiries, directing emails to the appropriate departments, and following up on all outstanding items.
- Conduct semi-annual internal control audits to evaluate business processes, internal controls, and risk management. Report findings and provide recommendations. Keep accurate records of audits and results.
- Identify and evaluate key risks related to financial, operational, logical, and information security processes, and develop risk mitigation strategies.
- Collaborate with cross-functional teams, including IT, legal, compliance, and operations to ensure alignment and coordination on internal control and information security initiatives.
- Remain current on company procedures, products, services, and new technologies through available resources.
- Ability to remain calm and collected under pressure and manage stress and anxiety.
Preferred Skills:
- Experience with SOC1.
- Conducting audits, with a preference for internal controls.
- Knowledge of the warehouse and/or precious metals industries.
- Proficient in change management, with the ability to combine pieces of information to draw conclusions, make recommendations for process improvement and efficiency, find relationships among seemingly unrelated events, and apply general rules to specific problems to produce sensible answers.
- Strong time management and task prioritization abilities.
- High emotional intelligence.
- Proficiency in using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
Qualifications:
- Bachelor's degree, cyber security or computer science preferred.
- 5 years' experience in information security and compliance management.
- 3 years' experience with incident response, risk assessment, and vulnerability response.
- CompTIA Security certification.
- Analytical skills, problem solving, critical thinking and attention to detail.
- Communication skills, effectively present information, educate and train employees, respond to questions from internal and external sources.
- Proficient in MS Office suite.
- Ability to adapt, think outside of the box.
- Proven experience in managing compliance programs and conducting audits.
- Strong understanding of network architecture, database security, and IT systems.
- Knowledge of advanced threat detection and response technologies.