This position is responsible for defining the strategic direction for the IT security program and network infrastructure for the Insurance Companies (ACICF, ACSIC or MEEMIC). Direct and oversee the development, deployment and support of infrastructure, applications and technology initiatives, both from an architectural and operational perspective in conjunction with existing standards and methods of delivery.
This position collaborates with other technology teams to deploy technology architectures and solutions. Provide leadership for the implementation of information security strategies and IT Controls. Responsible for disaster recovery and business continuity planning. Develop and maintain standards and procedures required to comply with internal and regulatory requirements. Manage and enhance our network/database infrastructure by providing leadership and accountability to the Network Engineering and Database administration teams. Perform security assessments, application vulnerability assessments, and compliance auditing across multiple platform and application environments.
Providing direct oversight of all aspects of Insurance Company IT infrastructure including company data center, local, and wide area network, switches, routers, firewalls, SAN, server hardware/peripherals, PCs, operating systems, VMware environment and database administration/security.
- Supporting, monitoring, testing and troubleshooting hardware and software problems pertaining to Wide and Local Area Network.
- Managing firewalls, VPNs, and any other security hardware or software equipment.
- Ensuring adherence to ITS architectural standards for change and release management.
- Ensuring database architecture is optimized and aligned with core applications.
- Recommending and scheduling repairs and improvements to the disaster recovery processes.
- Serving as SME in technology field providing expert knowledge of equipment, protocols, technologies, services, and monitoring tools.
- Managing the establishment and implementation of network security plans, policies, systems and schedules. This includes leading risk management plans to protect corporate assets and ensure compliance with contractual and regulatory security obligations.
- Planning and overseeing integration of new technology, security management methodologies, security system administration, system and network vulnerability assessment and intrusion prevention.
- Responsible for long-term strategic planning to ensure network capacity meets current and future network requirements.
- Developing and managing capacity and growth projection forecasts.
- Developing operational practices and metrics to maintain the highest level of availability for the network solutions implemented.
- Hiring, training and scheduling staff required for efficient network operations.
- Managing, developing, and tracking performance of ITS Engineering, PC LAN Tech, Helpdesk and Database Administration staff.
- Teaming with business and IT resources to support all cross-functional project initiatives.
- Perform additional duties as directed.
Bachelor’s Degree in Information Technology, Computer Science, Computer Engineering or a minimum of five (5) years of related professional experience
Certified Information System Security Professional (CISSP)
Minimum 6-10 years of experience in the following areas:
- Cisco/HP Networking technologies, LAN, WAN, and network security
- Designing, configuring, and implementing network security such as firewalls, IPS/IDS, PKI, VPN, and data encryption.
- Systems infrastructure, virtualization, networked data storage, client application delivery.
- Data protection/backup and disaster recovery technologies.
Minimum 3 years of experience in the following areas:
- Information security assurance, information security review, or risk assessment experience.
- Minimum of three years’ practical experience working with information privacy and security laws (such as Federal Information Security Management Act (FISMA), Payment Card Institute Data Security Standard (PCI-DSS), and data breach reporting laws), generally accepted information security principles, and accepted industry practice.
Minimum 5 years of experience managing people or leading project teams, including proven experience providing effective coaching, feedback and development plans to team members.