Information Security Principal Job Description
Information Security Principal Duties & Responsibilities
To write an effective information security principal job description, begin by listing detailed duties, responsibilities and expectations. We have included information security principal job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security Principal Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Principal
List any licenses or certifications required by the position: CISSP, CISA, CISM, CASP, IAT, GSLC, IAM, CE, III, CRISC
Education for Information Security Principal
Typically a job would require a certain level of education.
Employers hiring for the information security principal job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Technical, Engineering, Information Technology, Management, Technology, Information Systems, Architecture, Project Management
Skills for Information Security Principal
Desired skills for information security principal include:
Desired experience for information security principal includes:
Information Security Principal Examples
Information Security Principal Job Description
- Apply expert knowledge and broad understanding of Information Security strategies that will ensure proper security of data in applications undergoing changes in code such as upgrades or patches, replacement of vendors, Ensure that any changes do not interfere with the current security level
- Serve as scrum master for teams (generally 2 teams at PA level)
- Demonstrates strong ability to lead live training courses to other associates
- Ability to effectively use PowerPoint presentations to convey clear agile direction
- Actively participates in Scrum Alliance organizational events and gatherings
- Ability to train new staff on new tools and methodologies to support network security procedures
- Create metrics to track performance improvement using Agile tools
- Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others)
- Participates in design of forensics and analysis standards
- Manages production of incident reports
- Expert understanding of virtual infrastructure including VMware Vsphere, ESXi 4.x is preferred
- Minimum of 7 years’ experience in an IT organization, with a focus on system administration, application administration, and information security
- Minimum of 5 years’ experience with SAP Security and Oracle Identity Manager
- Minimum 8 years related experience with mainframe platforms (MVS, VM) and 4 years Unix or Linux experience
- Has a deep understanding of security controls and in-depth knowledge of how security technologies work – web proxies, email gateways, SPAM filters, WAF, DDOS Protection
- At least 2 years of experience with tools used in incident response, computer forensics, or malware analysis
Information Security Principal Job Description
- Work with that leadership to anticipate to understand needs and recommend options
- Ensure compliance with security policies and other regulatory and industry standards
- Information infrastructure integration
- FISMA Compliance of Special Program/SA
- SAP community COOP requirements and assessments
- COOP policies, directives, IT designs, COOP compliance and coordination
- Investigates and resolves incidents and breaches regarding the network
- Direct supervision of Consultants in developing and executing Information Security projects
- Direct client-facing engagement responsibilities
- Serving as both role model and trainer for Consultants, this person demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency
- Three Security certifications or equivalent are required (GSEC, GISF, GPEN, GWAPT, GCIH, GCIA or GCUX or equivalent are required)
- Expert understanding of network protocols and architecture (TCP/IP, ATM, WAN, Bridges, etc) is required
- At least 2 years of study or experience in computer science or cybersecurity-related areas demonstrating a deep understanding of security controls for common operating systems the components of a successful information security program
- At Least 1 year Excel pivot tables, macros, and pulling statistical reports and/or with SQL/PostgreSQL
- At least 2 years of experience writing technical reports for cyber-security related analysis, incidents or assessments
- At Least 2 years of experience of data analysis using statistical models
Information Security Principal Job Description
- Communicating well through clear written and verbal communications, active listening, and transparency
- Leads and improves the division’s capabilities to detect and alert on security events and incidents through constant incremental improvement to the business rules, queries, filters, correlation and alert criteria among relevant security tools/systems
- Identifies appropriate platform and application logging and triggers at design phase to support advanced fraud and cyber detection use cases
- Provide vision and direction to the operational components of security programs including incident management and secure software development
- Implement controls around identity and access management, privileged access usage and monitoring
- Partner with key stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
- Conduct continual research to maintain knowledge of technology and customer needs
- Advise & consult on technology solutions
- Provide input on policies, practices, and procedures throughout the Security infrastructure
- Provide guidance and assistance to senior level technology and business managers in researching innovative and disruptive technologies
- At Least 1 of experience in Cloud Security and/or Application Security or related fields
- Bachelor's Degree in Business, or Bachelor's Degree in Computer Science, or Bachelor's Degree in Information Systems, or Bachelor's Degree in Engineering, or military experience
- At least 2 years of experience using Agile methodology tools
- Master's Degree in Business, or Master's Degree in Computer Science, or Master's Degree in Information Systems, or Master's Degree in Engineering
- JIRA Certification
- Experience with XACTA is ideal
Information Security Principal Job Description
- Provide security domain expertise to help distributed campus IT security managers
- Remains current on IT Security/Architecture trends
- Perform vulnerability analysis and management and data analysis for all enterprise and cloud enclaves
- The contractor shall generate vulnerability data
- Constantly monitor, log, and track all NGA systems for vulnerabilities
- Conduct vulnerability analysis on each Enterprise network monthly for IAVM compliance and produce an IAVM compliance report
- Conduct analysis for network security compliance in accordance with DISA STIGs
- Provide on-site and/or remote testing in support of FISMA and CCRI through certification scans
- Experience in Assured Compliance Assessment Solution (ACAS) desired
- Manages security systems, and analyzes potential threats and vulnerabilities to client systems
- Ability to brief and discuss with customers on program IA status
- Ability to collaborate with customer entities to support events
- Ability to collaborate with engineering providers to install IAVA patches and document as required
- Support customer recurring vulnerability assessment activities
- Support vulnerability remediation activities
- Ensure systems meet the required customer-mandated directives and follow the appropriate Assessment and Authorization standards
Information Security Principal Job Description
- Performs off-site audits to check on disaster recovery program effectiveness as needed
- Certification and vulnerability data generation shall be run with minimal to zero impact on network and systems performance
- Review, validate, and categorize security events using a variety of information security technologies
- Thoroughly document security investigations for various stakeholders across the company
- Proactive hunting on the network to identify security risks
- Make recommendations and/or implement security controls and countermeasures to prevent or mitigate various security risks
- Be accountable for the patch and vulnerability management process the performance of the matrixed team’s assigned tasks
- Provide technical support and leadership to system owners to propose mitigation and remediation solutions to identified issues
- Providing operational support of our security technology stack as required
- Ability to analyze and learn rapidly changing technologies, designing solutions that are applied as integral to business requirements
- Support the assessment
- Will examine potential security violations and determine if the installation campus area network (I-CAN) IA policy has been violated, breached, circumvented to make an assessment and report to the IAM
- Will review and verify user accounts, based upon user access and user logins
- Responsible for maintaining the IA policy in accordance with Tier 0/1 CNDSP for the web proxy to include any changes to the Master Block List
- Must stay abreast of DOD-Approved system security tools and products
- Will diagnose, resolve and document network system security problems in response to security incidents