The Senior Information Technology Security Analyst will be responsible for all aspects of Information Technology Security within Hershey Entertainment & Resorts (HE&R). This person will ensure the secure operation of the HE&R Information Technology systems, servers and network infrastructure. This person will also be responsible for the maintenance and enforcement of the Information Technology Security Policies and Procedures, performing risk assessments and ensuring the disaster recovery policies and procedures are maintained. The Senior Information Technology Security Analyst will oversee the various Audit requests and Risk Assessment that are performed within Information Technology and operations each year. This position will ensure that PCI compliance is maintained and work with the security technology in place along with vendors to achieve this.
PLEASE NOTE: The anticipated start date for this position is early 2018.
- Oversight of the PCI, HIPPA, and other compliance mandates. This requires an ISA Certification which gives the authority to facilitate the Self Certification process with PCI.
- Facilitation of a HE&R security program that follows a framework where the Risk is Identified, the remediation steps, and the frequency is outlined. This will require working with Information Technology and Departmental staff to review system audits, make recommendations to enhance controls, and provide direction for the security program.
- Oversight of the Security Technology within HE&R. This includes working with software vendors to ensure our direction aligns with industry standards and direction. Some of the technology used is Anti-Virus, IDS, IPS, Log Event Management Incident response, CCURE physical security access control systems, Computrace, Data Leakage Protection software, Messaging Security, and other industry leading technology.
- Working with Corporate Security to ensure that the technology is supported. This would include Incident Management software support, access control system support and knowledge of camera technology.
- Oversight of Incident Response for the company. This includes real-time response on event logs throughout the organization, Disaster Recovery testing and documentation, and facilitation of table top exercises on a regular basis to test the documented processes.
- Minimum of 5 years of related experience working in Information Technology, preferably within the Information Security field.
- Bachelor’s degree, preferably in an Information Technology, Information Security or Business related function. A minimum of ten (10) years related work experience can be substituted if no degree is obtained.
- Must have a valid driver’s license.
- Information Security Certification highly preferred – CISSP, CISM
- Strong knowledge of Internet and network security technologies such as: TCP/IP, firewalls, Anti-Virus, SIEM, Web Proxy, VPN, Encryption technologies, server configuration, and application security.
- Strong knowledge of third-party security or audit tools
- Strong familiarity with Information Security frameworks, guidelines and standards such as NIST, ISO, FFIEC, PCI, GLBA, etc.
- Excellent verbal, written and interpersonal communication skills
- Proven ability to work independently and as part of a team
- Proven customer support skills
- Strong problem solving and decision making skills
- Team Lead experience helpful
Physical Demands & Working Conditions:
- The work schedule for this position will include normal business hours between Monday-Friday (8AM-5PM). Additional evening/weekend hours may be required based on operational need.
Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
Hershey Entertainment & Resorts is an Equal Opportunity Employer