Network and Security Compliance Officer

**Job Purpose**

The Network and Security Compliance Officer plans, executes, and manages multi-faceted projects related to security standards compliance, risk management, mitigation and response, control assurance, and user awareness. Individuals also select and implement appropriate tools for necessary surveillance and monitoring of the computing environment.

Primary responsibilities will include the analysis of the organization’s infrastructure at all locations in order to identify gaps in security standards compliance. They participate in capacity planning, support the creation and the maintenance of systems and network disaster recovery plans and monitor all related activities. They also screen the network for attempted intrusions as well as design and implement appropriate network security measures and procedures.

Individuals develop network, system, and physical security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines. They perform security assessments and security attestations.

Individuals act as project team members, depending on the scope of the project. They demonstrate a high level of knowledge surrounding IT procedures, risk assessments, and general system and network security. They are also skilled in the use of auditing tools and software aids for the investigation of network problems. They must keep abreast of new technologies and may identify and implement new technologies and processes that maintain the security and compliance of the IT infrastructure.

To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing various log files, security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the organization and internal IT groups.

**Duties and Responsibilities**
- Create and update information security policies and procedures
- Conduct internal audits to ensure that non-conformities are identified and remediated
- Develop metrics/KPIs to report on security and privacy compliance performance
- Maintain compliance with security standards and licensing requirements including ISO 27001, MGA, PCI-DSS and GDPR
- Coordinate preparation for annual ISO, MGA, and other certification audits
- Administer third party security programs including vulnerability scans, security information and event management (SIEM), File integrity monitoring (FIM) and penetration testing
- Identify opportunities for improvement in security practices and operational processes
- Responsible for the Security Awareness and other mandatory security training programs
- Participate in Incident Management and Risk remediation activities
- Active participation in Vulnerability Assessment process and SIEM process. Conduct regular review of vulnerability and security log reports, create mitigation actions, monitor for completion
- Collaboration with Legal and other departments to ensure continued regulatory and contractual compliance with information security requirements
- Ensures security best practices are followed for production environments
- Support procedures for managing alerts, reports and incidents
- Address security incident reports and handle first response and action
- Documenting, tracking and investigating information security events, requests, and incidents
- Maintaining and monitoring SIEM systems including creating scheduled reports and alerts
- Monitoring IDS/IPS alerts and investigating issues with relevant IT teams
- Monitoring bot mitigation alerts and advising on proper action.
- Monitoring and investigating alerts in the data leak prevention system.
- Monitor systems for any anomalies, proper updating, and patching
- Monitor vendor websites for potential threat alerts and software upgrades
- Maintains system documentation and configuration data for regulatory and audit purposes
- Researching and recommending new security protocols and technologies
- Other duties as assigned.

**Competencies, Skills, and Experience**
- Communicate effectively in English, both oral and written form.
- A strong technical understanding and hands-on experience with computer networks
- Ability to clearly communicate with technical and non-technical stakeholders
- Ability to work independently and with mínimal supervision as well as a team member
- Expert knowledge in the areas of risk assessment, strong understanding of secure communications, secure data storage, secure systems development, secure systems deployment and documentation
- Ability to rely on extensive field experience and judgment to plan and accomplish set goals
- Familiarity with a variety of the information security, networking, and governance concepts, practices, and procedures
- Able to quickly absorb a high volume of company specific knowledge, understanding new technologies and their