IT Risk and Security Consultant-Los Angeles
Job ID: 7126
Location: Los Angeles, CA
Department: 45H
Education Required: Bachelor's Degree
Experience Required: 5 - 7 Years

Position Description:
The ideal candidate will be well-versed in IT security architecture and controls required to protect the confidentiality, integrity and availability of an organization's assets. They would have started their career in an IT organization focused on server, network, and Internet security infrastructure supporting critical applications providing service to the business. After 2-3 years of developing their fundamental understanding of IT infrastructure, application and security technology, they would have transitioned into more of an IT risk management and consulting position. This position would require the candidate to understand industry standards and methodologies for obtaining the business security requirements, assessing IT security controls, providing management with identification and resolution of key risks, and handling of security incidents. The ideal candidate would also have a deep understanding of IT compliance requirements from an industry (e.g. SAS70), regulatory (e.g. SOX, HIPAA, GLBA, EU Data Privacy) and standards (e.g. ISO 27001, CoBIT, COSO, ITIL) perspective.

Position Requirements:
- Provides coaching and consulting to new G-IT initiatives and projects to ensure alignment and compliance of these projects/initiatives with the G-IT risk framework. Ensures adherence through audit and reviews of critical projects, applications and processes.
- Supports G-IT risk management processes (e.g. incident analysis, quality measurement)
- Implements G-IT security architectures locally and ensures early recognition of new IT developments and/or risks. Ensures effective incorporation or resolution through appropriate standards and processes
- Applies security technologies (e.g. Identity & Access-Mgmt, Intrusion detection, Internet Security, etc.)
- Locally implements and supports Risk Awareness campaigns, compliance assessments and the exception of G-IT risk policies and standards
- Supports internal and external audits and compliance initiatives
- Manages security incident responses and supports (CSIRT) / monitors and assesses security events
- Provides computer forensics and investigation services to legal, HR and corporate investigation departments
- Designs, implements and manages IT Security monitoring and logging controls and procedures
- Provides infrastructure vulnerability assessment and management services to ISPs
- Ensures alignment with regulatory and compliance frameworks
- Provides consultation for multiple areas of risk and security to project efforts within various areas in IT or external service providers
- Consults on and provides security solutions, security advisory and risk mitigation consultancy for local and global IT projects (in conjunction with IT architecture, IT service management and IT operations)
- Develops, implements and operates an IT Security threat analysis and vulnerability assessment program
- Implements and manages Information Security programs, including policies, governance processes, awareness programs and compliance audits
- Develops and maintains the core security processes and ensures that they are robust (i.e. meet Sarbanes-Oxley and COBIT standards), singular, consistent, secure, understood and scalable across the regions. Applies security mgmt practices, policies and standards
- Implements and manages information security programs, including policies, governance processes, awareness programs and compliance audits
- Provides extensive security engineering and consulting services for broad areas of IT risk and security to IT, Zurich business units and Business Segments and external service providers.
- Sets and defines IT Security standards and practices.
- Interacts with contacts across the global enterprise for providing IT Security engineering and Consulting services.

Position Attributes:
- IT security controls (e.g. Firewall, Intrusion Detection & Prevention, Identity & Access Management, Encryption, Backup and Restore, High-Availability, Malware, etc.)
- System Development Life Cycle and Project Management
- Data and voice network (e.g. WAN, LAN, VPN, TCP/IP, etc.)
- Service management processes in the areas of service support (e.g. Incident, Problem, Change, Release and Configuration management) and service delivery (e.g. Service Level, Availability, Capacity, Financial, IT Service Continuity management)
- Operational and data center requirements
- Strong business acumen.
- Able to participate in and facilitate discussions with complex content
- Composes reports with almost no grammatical errors and can communicate proficiently to stakeholders and business executives
- Ability to multi-task delivering various IT risk and security services to stakeholders.