Job Description:
Role: VP POC

Duration: 1+ year

Location: Dallas, TX or Buffalo Grove, IL

Role Description:

The Service Delivery Advisor is a visible role within the organization, ensuring effective application security and compliance with internal and external requirements.

The candidate should be a technical subject matter expert and work with peers in the Enterprise security and audit teams to advise business stakeholders and various application development teams on proper security in their Software Development Lifecycle, on scanning and vulnerability remediation in applications, and on strategic use of infrastructure technologies to provide layers of defense.

He/she will provide guidance on the risks to the enterprise based on the results of identified vulnerabilities and threats, in addition to potential mitigation strategies. The candidate will provide appropriate updates to IT management and assist in responding to audits as necessary. The successful candidate must have demonstrated experience specific to technical application secure coding techniques, information security best practices, as well as an understanding of healthcare and retail business processes and regulations.

Specific responsibilities include, but are not limited to:

Participating in weekly meetings with the vulnerability management team, line of business, towers, and application owners to discuss status and progress of assigned vulnerabilities.

Ensure proper alignment of vulnerability assignments to line of business, tower and application groups.

Drive the creation and closure of vulnerability remediation plans.

Evaluate user needs and system functionality, and help develop IT security strategies associated with security scanning and detection.

Contribute to and influence application security policies across PBM IT and the larger enterprise.

Partner with auditors during compliance and regulatory reviews.

Education & Experience:

Bachelor's degree in Computer Science or equivalent work experience required.

Minimum of 7-10 years of professional experience in computer security or a related technology field.

Previous experience should include roles in IT operations, programming, or another technical role.

Knowledge, Skills & Abilities:

Strong communication skills are required to facilitate meetings with both technical and business audiences, often across multiple functional departments, related to security topics.

Understands ITIL, service management and quality management practices.

Must have a background in and understanding of networking and network security technologies such as firewalls, IDS/IPS, proxies, content filtering, application security, monitoring/management, vulnerability management, risk and compliance.

Intermediate TCP/IP networking knowledge (including networking architecture, firewall configuration, and DMZ layout).

Advanced Web technology knowledge (e.g., HTTP, HTML, SQL).

Advanced knowledge of the detection, exploitation, and prevention of software vulnerabilities (e.g., SQL Injection, XSS, buffer overflows).

Understanding of compliance requirements such as PCI, SOX, etc.

Professional certification(s) a plus but not a requirement.

Demonstrated proficiency working on all phases of SDLC.
             
