IT Systems Administrator III

Giesecke Devrient is a growing, German international security technology company operating in the fields of digital security, financial platforms, and currency technology. G D ePayments manages and secures billions of digital identities throughout their entire life cycle. Our products and solutions are used by commercial banks, mobile network operators, car and mobile device manufacturers, business enterprises, transit authorities and health insurances and their client’s every day to secure payment, communication and device-to-device interaction. G D ePayments is a technology leader in its markets and holds a strong competitive position.

Job Summary:

The Information Security Administrator III has overall responsibility for the administration of the Information Security program for Giesecke Devrient America, Inc (G D). This includes the ongoing administration of G D’s security certifications for ISO 27001, PCI, and internal information security compliance. Serve as the subject matter expert in data security and act as a consultant in assisting other departments with IT Security process and documentation. Investigate findings to determine root causes and recommend necessary preventative actions to mitigate reoccurrence of the associated risks. Must have ability to provide 24x7 for possible Security or IT related emergencies and/or escalations.

Qualifications and Skills:

Education and Experience

• Associate degree in Computer Science or Information Systems
• 5 years IT/Information Security experience, preferably in a financial service or similar industry
• CISSP and/or CISA certification required
• Audit and Compliance experience (PCI, ISO)

Knowledge Skills and Abilities

• Solid knowledge and understanding of IT Security Standards (ISO 27001) and IT Process Standards (ITIL, COBIT)
• Strong computer skills (MS Office, Visio, TCP/IP, Nmap)
• Solid understanding of the key technical and organizational concepts of Information Security-related Systems (firewalls, intrusion detection, virtualization technologies, encryption, VPN, etc.).
• Ability to develop and defend technical recommendations and budgetary plans and communicate them in non-technical “business language”
• Ability to communicate information security issues clearly and appropriately to audiences with diverse technical backgrounds, without creating unnecessary urgency
• Role may require up to 15% travel

Essential Functions:

• Administer and preserve G D Security Certifications through the administration and ongoing enhancement of the Information Security Management System with a primary focus on ISO 27001, Cryptographic Key Management and PCI Logical Security requirements. Ensure Information Security controls are relevant, properly documented and maintained for ongoing recertification and governance activities. Part of the role is to maintain a system that fosters appropriate, demonstrable, auditable and coordinated security procedures, and practices that are compliant with related laws, regulations, policies and professional standards.
• Provide daily supervision of IT Security staff and tasks.
• Responsible for effective and comprehensive administration of the cryptographic key management program, which includes the generation, exchange, storage, use, replacement and documentation of cryptographic keys. Possess a full understanding of key management servers, symmetric and asymmetric keys, and public key infrastructure (PKI).
• Ensure compliance with all applicable internal and external Information Security requirements through coordination of internal and external Logical Security audits.
• Maintains a system that fosters appropriate information security training and awareness. Responsible for developing and maintaining a system that encourages the routine use of risk assessments and risk management planning related to the information security features of systems, tools and networks.
• Responsible for assessing, reporting and assisting in the remediation of IT security vulnerabilities for IT systems and applications that are part of G D operations.
• Responsible for designing, documenting, training and testing of the corporate IT Security Incident Response Plan.
• Responsible for maintaining status information regarding the configuration files for information security appliances, software and equipment (monthly firewall rule target/configuration comparison etc.)
• Independently contribute ideas and process improvements and look for creative solutions and better ways of doing things, in order to meet goals of continuous improvement
• Identify, analyze, and address problems in order to resolve issues whenever possible in a way that minimizes the negative impact on the organization
• Work with the ISF (information security forum) materials and tools including participation in local ISF chapter meetings
• Analyze issues not only from a local point of view but should also consider the global scope of G D operations
• Performs other duties as assigned
• Complies with all policies and standards

BENEFITS INCLUDE

Medical (PPO and HDHP with HSA), dental, Vision, PTO, paid holidays, 401k with employer match, short/long term disability, life insurance, healthcare and dependent care flexible spending, EAP, commuter benefits, education assistance and more.