Information Security Officer (San Francisco, CA)
Position: Information Security Officer
Location: San Francisco, CA
About Us:
MarketTools is the defining provider of on-demand market research. We offer companies and individuals the ability to continuously understand their target customers through innovative approaches based on advanced technology, research expertise, and global market reach.
MarketTools offers a full range of research applications and services that scale with customer requirements—from answering a highly targeted question to investigating broad and complex market opportunities. All of our services, from leading web solutions that allow customers to design and deploy their own surveys to customized research studies, are supported by sophisticated research methodologies and advanced analysis tools. MarketTools directly manages an online panel community of over 2.5 million individuals worldwide. Through Zoomerang™, the pioneer in online surveys, MarketTools provides the leading self-service platform and services for fast feedback.
MarketTools provides organizations ranging from small businesses to Fortune 500 companies with unique access to their target markets—to uncover unmet needs, reduce time to market and capture market share. Learn more at www.markettools.com and www.zoomerang.com.
Under the direction of the Director of IT, the Information Security Officer is responsible for the development and delivery of a comprehensive information security and data privacy program at MarketTools, Inc. Key duties, responsibilities and competencies cover Policy, Education and training, compliance and enforcement, incident response, risk assessment, contract reviews and incident prevention. The role includes being the official contact regarding information security for MarketTools.
Responsibilities:
- Responsible for implementing, managing, and enforcing information security directives.
- Lead information security awareness and training initiatives to educate the workforce
- Ensure the ongoing integration of information security with business strategies and requirements
- Ensure access control, Business continuity, incident response and risk management needs of the organization are properly addressed.
- Work with and manage vendors, outside consultants, and other third parties to improve information security within the organization.
- Perform incidence response to contain, investigate, and prevent future computer security breaches.
- Develop, publish, and maintain comprehensive company wide information privacy and security plans, policy, guidelines and procedures.
- Monitor information security trends, understand potential threats, vulnerabilities and control techniques
- Identifying the operational risks and perform ongoing risk assessment, reporting, and remediation.
- Reviewing security and IT Related portions of contracts/agreements with our service providers and clients to reduce our exposure and ensure our compliance.
- Researching the regulatory requirements and related industry best practices.
- Assist in preparing the organization's disaster recovery and business continuity plans for information systems
- Perform research, vendor selection, evaluation, and implementation of security technologies for Servers, Networks, and Applications
Qualifications:
The ideal candidate possesses in-depth technical skills and strong business expertise balancing his efforts between hands on technical activities and higher level business conversations with non-technical individuals.
This position will require end-to-end security expertise including; working with department heads to define policy, interfacing with customers, guiding internal Operations and Development staff, and performing technical implementations
The successful candidate is expected to roll up their sleeves, be self motivated, very hands on, and obtain results with minimal guidance.
- Bachelors degree
- 8+ solid years experience in information security and information technology focusing on internet technologies (ASP, OSP, etc).
- Experienced in the management of both physical and logical information security systems.
- Strong technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP and UDP/IP, intrusion detection systems, firewalls, etc.)
- Outstanding interpersonal and communications skills, written and verbal.
- Past experience working with Executives with the ability to explain technical information to non-technical people.
- Prior experience bringing a company to “ready to IPO” (compliant) state
- Excellent documentation skills
- Ability to weight business risks and enforce appropriate information security measures.
- In-depth knowledge of industry best practices, risk management policies and industry standard compliance controls. PCI, ISO 17799, SAS, etc.
- Experience developing and administering an information security policy
- Strong foundation and in-depth technical knowledge in security engineering,
- computer and network security, authentication and security protocols,
- and applied cryptography
- Extensive experience in web-application security including application-level vulnerability testing.
- Experience with IT risk management policies and regulatory compliance controls.
- Must possess strong expertise using packet analyzers (Sniffers), Scanners and vulnerability testers for technical troubleshooting and security analysis.
- CISSP certification or other equivalent level security certification/accreditation is required
- Experience with batch, vbs, perl, or equivalent scripting language for automating system administration.
- Experience with Windows and Linux operating systems, Java and .Net programming environments.
- Strong understanding of Windows, Linux, and Network OS penetration vulnerability testing, auditing, and patching.
- Ability to implement network ACLs, configure AD Security, windows group policy, and system shares and file security.
 
This job ad has expired. Click here for active job ads.
|
