Back to Job Search

IT Security Operations Specialist II

  • Location: Scottsdale, Arizona, 85255
  • Job Type:Permanent

Posted 9 days ago

Administers security applications and systems. Delivers accurate documentation in support of the organization’s PCI and other security framework requirements to ensure information security compliance. Collaborates across the IT, Risk, & Legal business segments on various security and compliance driven activities.

Essential Duties and Responsibilities:
• Administer the annual PCI audit through collaboration with stakeholders; including but not limited to meeting facilitation, reporting, evidence collection/tracking, and development of responses.
• Administer the PCI compliance portal
• Analyze security vulnerability scan results; prioritizes vulnerabilities; and collaborates with IT partners to mitigate risks to an acceptable level.
• Assist the information governance team in the formation and execution of information management framework, policy, and standards for data loss prevention, privacy, data classification, and retention of digital information.
• Recommend, implement (as appropriate), and audit/validate on-going compliance/governance policies in support of information in new and existing technology such as Microsoft O365.
• Implement information security best practices which align with industry standards in support of the IT business segment strategy.
• Collaborate with the Security Operations Center (SOC) to provide support/assistance; assists with creation of repeatable process documentation.
• Ensure adherence to IT security and enterprise governance standards, processes and controls.
• Increase end user security awareness by participating in the delivery of information security best practices and threat remediation.
• Participate as a member of the Incident Response Team (IRT); focus on security event response, forensic investigations and incident recovery.
• Assist employees, vendors or other customers by answering questions related to security governance policies, processes and procedures.
• Stays current on the latest security and IT industry technologies, trends and strategies.
• Completes work in a timely and accurate manner while providing exceptional customer service.
• Other duties as assigned.
• This position requires a minimum of 3 years information security experience with progressive complexity and responsibility.
• A minimum of 3 years’ experience with information security and compliance, software development life cycle (SDLC), change management required.
• Corporate retail experience is preferred.
• Demonstrated knowledge of PCI standards is also preferred.
• Proven knowledge of information security tools, including, but not limited to, intrusion prevention, vulnerability scanning, syslog, firewall policies, reverse proxy and authentication (F5 Web Application Firewall, digital Hands AWS Logging/Alerting; Splunk Security Incident & Event Management, Firepower Intrusion Detection System, Password Vault, Tenable/Nessus Vulnerability Scanner; O365 Security & Compliance Center) is necessary.
• Demonstrated critical thinking a plus.
• Ability to communicate across all levels of the organization, present complex ideas concisely and clearly articulate technical ideas to a non-technical audience both verbally and in writing is necessary.
• Demonstrated ability to work efficiently under pressure, accurately meet deadlines, present a professional demeanor and work well independently is essential. In addition, troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential.

• Maintaining confidentiality, treating others with respect and upholding Company values is key.
Educational Requirements:
• This position requires a bachelor’s degree in Computer Science, Business, Criminal Law or related field.
• Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, or Systems Security Certified Practitioner (SSCP) highly desired.
• Microsoft security or administrator certifications a plus.