Information Security Specialist

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• The Information Security Specialist provides support to the Chief Security Officer (CSO), Chief Information Security Officer (CISO) and Security Program Manager in managing all aspects of the information security program at Docomo Pacific and performs other duties as assigned.
• He/she performs risk and technical vulnerability assessments, data classification, attack and penetration analysis, policy compliance and communications.
• The role also involves implementing processes to protect data confidentiality, integrity and availability, as well as maintaining the technical mechanisms that enable these controls.
• The Information Security Specialist is responsible for identifying process risks, weaknesses, and controls, making recommendations and plans to address vulnerabilities. He/she is also responsible for identifying compliance deficiencies and incidents.
• The person in this position is involved in interacting with technical and business management and personnel to meet business requirements in a secure manner, as well as conducting research on security products to improve the posture of the organization.
• The Specialist will respond to compliance queries from third-party partners, third-party audits, DoJ, internal audit, legal, and NTT Docomo.
• The Specialist evaluates new products, service offerings, and new internal applications to ensure that information assets are handled in accordance with laws, regulations, and organizations information security policies and standards.
• The Specialist actively participates in the daily coordination and remediation of all security incidents and security related tasks.
• He/she is responsible for monitoring and ensuring that end-users adhere to information security policies, standards and best practices.
• Developing and/or assisting in the creation of documentation, tracking progress and performance, implementing process improvement effectiveness, and regularly communicate program updates.
• Conduct technical security research (as needed).
• Provide security guidance to internal teams.
• The Information Security Specialist assists in the development and adherence to security documentation and diagram needs for management as well as the internal and external audits.
• Participates in risk assessment and prevention activities and initiatives where physical security systems are an identified option for mitigation.
• The Specialist is also responsible for the compilation and analysis of data for proper reporting and metrics for the CSO and CISO.
• Interface with IT department and other technology departments for security implementations.
• Monitor vulnerability reports and coordinate with perspective technology departments to mitigate vulnerabilities.
• The Specialist, along with the Security Program Manager, designs action plans for policy creation and governance, system hardening, monitoring, incident response, disaster recovery, and emerging cyber security threats.
• Assist fellow Security Specialist with management of Security Onion and other security tools/applications.
• The Security Specialist plans and designs security solutions and capabilities that enable DPAC to identify, protect, detect, respond, and recover from cyber threats and vulnerabilities.
• The Specialist defines and develops security requirements using risk assessments, threat modeling, testing and analysis of existing systems. He/she develops security integration plans to protect existing infrastructure and to incorporate future solutions.
• The Specialist is also responsible for developing and maintaining key network diagrams and asset inventories, in conjunction with the appropriate technology organizations, for the compilation and analysis of principle equipment and other security-related documentation for the CSO and CISO.

COMPETENCY:

To perform the job successfully, an individual should demonstrate the following competencies.

• Design Demonstrates attention to detail and strives for excellence.
• Problem Solving Identifies and resolves problems in a timely manner.
• Interpersonal Skills We bring energy and passion to our work and always aim to be respectful and communicate openly with team members and other departments.
• Written Communication Able to read, write, and interpret written information while being reliable and transparent.
• Safety and Security Observes safety and security procedures; determines appropriate action beyond guidelines; reports potentially unsafe conditions; uses equipment and materials properly.

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform essential functions.

NECESSARY KNOWLEDGE/SKILLS/ABILITIES:

• Information Security Specialist is required to either hold a bachelors degree in computer or information sciences, Cybersecurity, or other similar field or have appropriate related experience obtained by job functions and additional security subject matter training.
• The information Security Specialist should have 5 years of Information Technology experience.
• The Specialist must have a working knowledge or US regulatory compliance requirements, NIST standards, and security frameworks such as Cyber Security Framework, ISO, SOX and PCI DSS.
• The Specialist must have superior verbal and written communications skills to communicate with all associates in the company as well as executives and departmental management.
• A clear understanding of cloud computing services/deployment architecture
• Active in the security industry.
• Knowledgeable in current security threats, vulnerabilities, trends, attack patterns, and mitigations.
• Understanding of ITSM and ITIL framework
• Understanding of technical aspects of system integration in a mixed technology environment.
• Understanding of common services (web, mail), protocols (SSH, VPN, SFTP, DNS), Microsoft365, Virtualization (VMWare ESXi), VDI (VMWare Horizon), CCTV, EDR (Sentinel One), Tenable.io, KnowBe4, CIS Workbench, Azure Sentinel, Graylog, Security Onion, NinjaOne, and other architectures (enterprise and cloud).
• Experience in performing technical assessments of network, operating systems, application security, and auditing IT processes.
• Project management skills

NECESSARY TRAITS:

• Spirited personality
• Ability to work well in a team setting with a diverse group of individuals.
• Understand role within team but take initiative.
• Ability to work under pressure but maintain a calm and approachable demeanor.
• Must be a self-motivated individual that is empowered to make decisions as required.

EDUCATION AND/OR EXPERIENCE

• High school diploma or general education degree (GED) required.
• Information Security Certifications, from accredited bodies, are required. At a minimum, the Certified in Cybersecurity professional certification from ISC2. A Certified in Information Systems Security Professional (CISSP) certification from ISC2 is preferred.

COMMUNICATION SKILLS:

• Ability to read and interpret documents such as security rules, operating and maintenance instructions, and procedure manuals.
• Ability to effectively communicate complex, technical requirements to an audience that may not have a technical background. These communications may be in meetings, training, presentation, or one on one settings.
• Ability to write routine reports and correspondence.
• Ability to speak effectively before groups of employees of the organization.
• Ability to converse professionally and with empathy with an emphasis on owning and solving issues whilst building excellent rapport.

WORK SCHEDULE:

This position is a standard full-time role and during select times individuals will be asked to work a flexible schedule based on department and company needs.

PHYSICAL DEMANDS:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel objects, tools, or controls; reach with hands and arms; talk, hear, stand, walk, and sit. The employee is occasionally required to crouch, kneel, balance, bend/stoop, climb, push/pull objects and drive. The employee must be able to lift up to 25 pounds regularly and up to 50 pounds occasionally. Specific vision abilities required by this job include close vision, color vision, distance vision, peripheral vision, depth perception, and the ability to adjust focus.

As a condition of hire, background checks are required of all prospective hires of DOCOMO PACIFIC. Depending on the nature of your employment, a security clearance may also be required from the organization or other vendors. In the event an employee does not receive favorable results, the hiring offer may be rescinded.

Docomo Pacific is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.