SUMMARY

This role will work independently and be responsible for the daily operation and continuous tuning of Information Security systems to maintain and improve the overall security of the IT environment. The role will lead efforts to work across the lines of business to encourage their participation in sound security practices, risk management, and compliance. This role will regularly interact with members of IT, Legal, Finance, external partners and IT auditors. This role is part of the Information Security job family and will include opportunities for growth in areas such as; Information Security system design and architecture, cloud system security integrations, and secure application development initiatives.

WHY Jewelers Mutual:

We are a financially secure, exceptionally positioned, and intellectually curious company driven by our core values of Agility, Accountability and Relevancy! We continue to raise the tide of the jewelry industry we’ve served since 1913 through our innovative people, our unyielding customer commitment, and evolution of our products and services to be the most trusted advisor to all we serve.

With a generous benefits package, office locations throughout the United States, and a mantra of “making your mark today”, consider evolving your career and shining bright with Jewelers Mutual Group!

Essential Duties and Responsibilities include the following. Other duties may be assigned.

• Assist efforts in the development of IT security architecture, controls, processes, standards, policies and procedures that are aligned with enterprise policies, regulations, and industry best practice
• Take a leadership role around incident response; apply industry best practices on identifying security-related issues, work with other IT areas to establish and maintain effective procedures and controls, partake in off-hours support rotation
• Conduct risk assessments; work with business areas to identify risks in existing business processes and their use of IT services, analyze identified risks to inform and improve business processes and security awareness training curriculum, analyze proposed changes and initiatives in the environment
• Quickly and transparently communicate issues and new risks
• Ensure readiness for internal/external audits; test/evaluate information security administrative, technical, and physical controls and report findings
• Conduct daily Information Security log review and event analysis
• Measure IT security through metrics and communication to stakeholders
• Develop, document, and maintain procedures for assigned information security systems
• Research information security best practices, vulnerability/exploit trends, & new information security technology
• Lead smaller projects and initiatives that support information security practices and policies
• Define security requirements in line with standards
• Advocate for compliance with security policies and associated, legal, and contractual requirements

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Qualifications

• Bachelor’s degree from a four-year college or university
• 2 – 5 years of experience in Information Technology or related security, audit, identity management subject areas
• Strong background in business process analysis and project coordination.
• Excellent verbal communication skills to effectively communicate information to technical and non-technical resources.
• Ability to manage information security projects (or initiatives) while maintaining high levels of quality and effectiveness.
• Ability to influence multiple project teams as a subject matter expert
• Inquisitive thought process and desire to understand the how’s and why’s of the environment
• Ability to lead and influence others in support of Information Security programs
• Comfortable with working through ambiguity to clarify requirements and develop effective solutions
• Understanding of Information Security Best Practice and practical execution of security concepts
• Understanding of Cyber Security, US and International regulations, and ISO27K practices and principles
• Understanding of common technical, data, and security principles

Certificates, Licenses, Registrations

Certified Information System Security Professional (CISSP), Comp TIA Security , GIAC Security Essentials (GSEC) preferred

Physical Requirements

• Prolonged periods sitting at a desk and working on a computer.
• Occasionally required to stand; walk; use hands to finger, handle, or touch objects or controls; and talk or hear.