Information Security Engineer

Position Code08-192Position ScheduleFull Time EmployeeLocationWest Des MoinesJob ResponsibilitiesPosition Summary: Support all activities related to the development, implementation, maintenance, adherence and governance of the Information Security Framework; covering the informational assets of the organization.Essential Functions: 30% Create, update and maintain multiple systems documentation including but not limited to risk assessments, privacy impact assessments and security plans. Perform information security site reviews to determine appropriate levels of information security infrastructure.20% Perform risk analysis and compliance audits to validate implementation and compliance to existing security standards, state and federal legislation or regulations and contract requirements as appropriate. 20% Evaluate security and privacy risks balancing business drivers, best practices and external drivers. Provide proactive solutions or recommendations through collaboration across business units. 10% Coordinate plans of actions and milestones (POA&Ms) so they are completed timely and submitted as required.10% Assist in the implementation and ensure compliance of IFMC strategic information security vision with the development of communications and marketing plans for information security initiatives to raise security awareness and compliance.10% Lead computer security incident response efforts including but not limited to performing digital forensics, preparing executive summaries, recommending mitigation strategies and tracking remediation efforts. Minimum Education & Other RequirementsRequirements:Bachelor’s degree in Computer Science, Engineering, Information Security or related discipline: equivalent experience acceptable. 7-10 years of work experience in IT in one or more areas of infrastructure, application development, database and systems management; three or more years of experience must be in and information security role.Previous experience conducting full information security risk assessments based on industry accepted standards (ISO, CoBIT, NIST)5-7 years experience with system or network administration with at least 2 of the following technology groups; Microsoft Windows and Active Directory, Oracle/SQL, UNIX/Linux, network infrastructure (TCP/IP, routing and switching, firewalls, IDS/IPS) Desirable licenses / certifications: CISSP, SSCP, GIAC, CISM.Ability to perform intermediate PC functions including spreadsheet formulas and functions, queries, tables, merges and special reports. Will perform some troubleshooting. Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from management, clients, customers and the general public.Ability to define problems, collect data, establish facts and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.Positions working on specific contracts may require U.S. Citizenship.Because the nature and immediacy of the work, the ability to maintain regular and predictable attendance is essential. Behaviors: Analytical Thinking Judgment Technical Expertise Directing Others Planning/Organizing Relationship Building TeamworkPhysical and Mental Demands: Ability to stand, walk, or hear over 2/3 of the time; sit, use hands to finger, handle or feel, reach with hands and arms, climb or balance, taste or smell under 1/3 of the time. Repetitive motion using arms, hands, and fingers up to 15 minutes at a time.Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers and the general public.Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. Work Environment: Noise level is moderate.Sensitivity level of information handled in position: high Additional Comments/Requirements Please apply at: www.ifmc.org