The Information Security (IS) Specialist is responsible for the day-to-day monitoring, remediation, and coordination of information security processes. This critical role works in conjunction with the Director of IT and select vendors to identify threats and ensure their timely remediation in collaboration with the broader IT team. The IS specialist is a hands-on, key player in keeping our client and firm data available and secure.

Primary Responsibilities and Duties

• Use vendor notifications and system reporting tools for security monitoring and carrying out vulnerability remediation priorities.
• Monitors and responds to security alerts and incidents. Cooperates with the larger IT team to examine any security incidents or breaches to determine their root cause and carry out the determined remediation.
• Ensures IT’s compliance with existing policies and procedures including verification of completed backups and secure data storage.
• Coordinates implementation of approved changes to improve the following areas:
  • Cybersecurity measures and controls; protocols for protecting digital files and information systems against unauthorized access, modification and/or destruction.
  • The firm’s vulnerability management program using scanning tools to monitor, report on, and remediate vulnerabilities on firm devices.
  • Remediation of audit findings.
  • Disaster recovery testing.
  • The firm’s incident response process.
• Proactively maintains and monitors:
  • Vulnerability scanning tools, threat remediation tracking and reporting.
  • Intrusion protection and detection systems.
  • Access permissions in accordance with the firm’s established information security policies.
  • Periodic user entitlement and account reviews.

• Coordinates internal and external testing with vendor partners including designing and executing phishing tests. Helps develop security awareness training and makes it available to firm users.
• Helps evaluate information security compliance and risk to recommend improvements. Understands industry best practices and conducts continuous research on emerging threats, products, services, protocols, and standards in support of security enhancement and development efforts.
• Participates in information security internal/external audits and exams providing requested data and information. Manages any required remediation.
• Assists in the IT vendor selection process and leads periodic third-party vendor assessments, specifically to verify that vendors comply with existing firm information security standards.

Qualifications

Three or more years of experience working in information security. Bachelor’s degree in Information Technology or related field is required.

It is critical that applicants have solid experience working with modern firewalls, Microsoft 365 Security Suite and current versions of Windows Servers/PC operating systems as this role continually works to resolve vulnerabilities in these systems.

Core Skills and Experience Required:

• Experience working with Information Security Systems with a focus on cloud-based enterprise tools such as Microsoft Defender, Microsoft SCCM, Mimecast and KnowBe4.
• Knowledge of database fundamentals and scripting tools.
• Experience with administering Microsoft 365 Active Directory (Entra) and Exchange Online in a sophisticated, high use environment.
• In-depth knowledge of networking principles and architecture.
• Exceptional customer service aptitude: ability to demonstrate a high degree of professionalism and maintaining positive interactions with all clients and colleagues.
• Commitment to continual process improvement.
• Ability to adapt to ever-changing priorities and deadlines.
• Ability to work well under pressure and handle multiple tasks simultaneously.
• Excellent verbal and interpersonal communication; organizational, time-management and problem-solving skills.
• Flexibility to work extended hours as needed.

To apply, please submit your cover letter and resume to Susan van Vollenhoven at svanvollenhoven@pierceatwood.com