Info Security Architect Mercury Insurance
Brea, CA

Job Description

Essential Job Functions:

The essential function of this position is to be accountable as an information security architect for supporting the information security program within IT and business initiatives including:

* Providing Information Security subject matter expertise and security consulting to IT projects and initiatives using information security standards, best practices and approaches.
* Developing Information Security requirements across the enterprise for data protection, network protection, and application protection and compliance with regulatory requirements for protection of information.
* Conducting threat analysis for systems or applications including analysis of current and known security exposures, planning for remediation of exposures, staged and planned penetration testing, vulnerability assessment and analysis of results.
* Conducting research on best practices, emerging technologies and threats as it relates to Information Security
* Act as subject matter expert on security related control testing and control remediation

Education:

* Worker characteristics are normally acquired through the successful completion of a 4-year college degree in information technology or a related field.
* CISSP certificaiton or equivalent is highly desired. .
* SANS certifications or equivalent are highly desired.
* CISA or additional security certifications are desirable

Minimum qualifications:

* Must have a minimum of eight (8) years of experience in information security

Knowledge and Skill (Strongly Preferred)

* Detailed knowledge of secure architectures and their design
* Working knowledge of Firewall Configuration, Intrusion Detection, Firewall Monitoring, System Monitoring
* Excellent knowledge of network security (Routing, switching, TCP/IP, DNS, Architecture, WLAN)
* Strong knowledge of Encryption / Tokenization / Key Management
* Excellent knowledge of Operating systems and platforms (UNIX, Windows, Virtualization, Secure configurations)
* Strong knowledge of Virus, Worms and Other Malware (Prevention and Detection)
* Strong knowledge of access control technologies
* Working experience and ability to conduct network vulnerability testing and remediation
* Working experience and ability to conduct Threat Analysis
* Working experience conducting Incident Response
* Working knowledge of privacy laws and the PCI DSS
* Knowledge of Security Policy, Standard, Guideline, Process Development
* Ability to work with all levels of personnel within the IT department and departments external to IT, in a dynamic and challenging environment.