It's a great time to join AAA The Auto Club Group!JOIN THE TEAM COMMITTED TO DRIVING YOUR CAREER FORWARD**Job Type**:Full timeExempt/Non Exempt:Salary**Job Description**:Position DescriptionPrimary Duties and Responsibilities (details of the basic job functions):Provides senior level support to the information security team and closely works with the other members of the team to develop and implement a comprehensive information security program, including defining security policies, processes and standards. Works with the IT department to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained. Provides support and oversight to security standards to ensure boundary control, integrity of information and security monitoring technologies are reducing risk for ACG enterprise. Closely works with Directory of Enterprise Information Security and senior leadership teams to ensure security for ACG information.Develops a common set of security tools/controls, defines operational parameters and analyzes tool output. Provides oversight to security staff on deploying tuning and running vulnerability scanning and penetration testing tools. Provides support to the coordination and remediation required by Audit and keeps current on existing and proposed security-standard-setting, state and federal legislation and regulations pertaining to information security.Supervisory Responsibilities (briefly describe, if applicable, or indicate None):noneRequired Qualifications (these are the minimum requirements to qualify)Education (include minimum education and any licensing/certifications):- Bachelor and/or Masters degree in Computer Science, Information Systems, Business Administration and/or equivalent security certification (CISSP, SSCP, GIAC, CEH, etc).**Experience**:Extensive experience in/with:- Reporting unresolved network security exposures, misuse of resources or noncompliance situations using defined escalation processes.- Assisting and training team members in the use of security tools, the preparation of security reports and the resolution of security issues.- Developing and maintaining documentation for security systems and procedures.- Responding to security incidents and resolving and/or escalating reported incidents as appropriate- Monitoring system logs, SIEM, DLP tools and network traffic for unusual or suspicious activity and interprets these activity, making recommendations for resolution.- Investigating and resolving security violations by providing post event analysis to illuminate the issues and possible solutions.- Implementing and/or coordinating remediation required by audits, and document exceptions as necessary.- Researching threats and vulnerabilities and where appropriate, taking action to mitigate these issues.- Conducting penetration tests and vulnerability assessments on information systems and infrastructure.- Supporting information security architectural requirements.- Developing a common set of security tools defining operational parameters for their use and conducting reviews of tool output.- Working with/mentoring less experienced staff on deploying, tuning and running vulnerability-scanning and penetration-testing tools.- Providing second- and third-level support and analysis during and after a security incident.- Participating in security investigations and compliance reviews, as requested by internal or external auditors.- Maintaining an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.- Participating in the enterprise architecture (EA) community, and providing strategic guidance during the EA process.- Researching, evaluating, designing, testing, recommending and planning the implementation of new or updated information security technologies.Knowledge and Skills:- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.- Mainstream operating systems (for example, Microsoft Windows and Red Hat Linux) and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.- Information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.- Network infrastructure, including routers, switches, firewalls, and the associated TCP/IP network protocols and concepts.- Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act- Current systems' software, protocols and standards- Excellent presentation, persuasion, written and interpersonal skills to include procedure and technical material, report/proposal preparation and oral presentatio
