
• Excellent Experience in ISMS, Information/Application and Network Security Architecture, Policy, Governance and Standards, State and local regulations and internal audit compliance, Payment Industry related regulations (PCI-SSC directives)

• Broad Knowledge Expertise in Information, Network Application Security Compliance / Certification, Security Operations

• Strong Deep Knowledge of SDLC phases, Tech Tools around that, creation of Environment for Support and Drive Team

• Security Architecture Engineering team in performing vendor bake offs, P vendor assessments and driving project team members until the solutions are deployed.

• Managing Design / Drive Team to implement IT Infra Info Security Quality Processes (ISO 27001, PCI-DSS v3.2.x, PA-DSS)

• Create / Help Create / Manage / Maintain / Update - Process, Quality, Documents, Standard for IT Infra and Info Security Objective, and maintain up to date scenario as per business objective, driving PCI-DSS, PA DSS, Cyber Security and other required audit / document compliance, and work as Internal Auditor

• Creation of run-books and other documentation for various projects and operational tasks, BCP, DR, Workplace recovery, Power maintenance activities.

• Process / Audit / Quality / Doc implementation for any IT related organization process / framework under - ISO 27001:2013 or latest / COBIT 5 / GDPR / HIPAA / PCI DSS V. 3.2 / ITIL

• Create / Plan / Drive Security Compliance tasks for Organization Critical Area - Risk Compliance Process Maintenance (Calendar for Audit, VA, PT, Assessment external / internal, AppSec), Management Report / Client Handling

• Project Management for Security configuration as required (AV solution, SIEM tools and Log Management, SolarWinds Solutions)

• Mitigating Internal Audit findings by implementing the required remediation, also creating documentation as required.

• Plan security tools to help support the Information Security team and other security related projects.

• Lead forensic investigations and Computer Security Incident Response by coordinating efforts between HR, Legal, Compliance, Global Security, etc. In case of Gag

• Managing / Drive for - Risk Assessment (Asset, Access, Threat, Vulnerability), Risk Closure drive, VA, PT, Network, Cyber Security, Patches, Security Notification Management / Drive Team to close

• Collaborating and working with respective business units and driving remediation and providing consulting service related to vulnerabilities.

• Possess excellent communication, interpersonal, people management, relationship management and analytical skills. Experience of working under cross-cultural environments.

Desired Candidate Profile

• Excellent Technical skills with proven hands-on experience (min 3 yrs)

• Deep Knowledge of IT Systems, SDLC, IT Process Knowledge, Info/IT/Network Security Understanding, Design Implementation @ Respective Area

Required Certification - CISM/CISSP/ ITIL V3 Foundation Certified / ISO
27001:2013 /CPISI /PCI DSS V 3.2.1

• Support the effective operation of Jumio ISMS within region or function and associated independent security certification activities

• Manage the process of gathering, analyzing and assessing the current and future (local / regional) threat landscape, as well as providing a realistic overview of (local) risks and threats in the enterprise environment.

• Supporting the development and management of (local / regional) security governance processes and relevant forums that provide visibility and transparency of Jumio's cyber security risk position with relevant risk management stakeholders around the business in alignment with the global ISMS.

• Serve as an active and consistent participant in the (local / regional) information security governance process.

• Work with the Governance Risk and Compliance team, CISO function, technology and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

• Support CISO function to develop budget projections based on (local / regional) short- and long-term goals and objectives.

• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

• Monitor and report on (regional / local) compliance with security policies, as well as the enforcement of policies within the business.

• Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance and/or amendments to existing policies and procedures to fit local needs.

• Provide security communication, awareness and training for local, regional or functional audiences

• Assist (local) resource owners and IT staff in understanding and responding to security audit failures reported by auditors.

• Support security related incidents and participate in problem and change management forums.

• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

• Consult with (local) IT and IT operations staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.

• Recommend and help coordinate the implementation of technical controls to support and enforce defined security policies.

• Provide support to security champion networks, security guilds and act as cascade point of contact into the location, region or function within scope

Qualifications, Experience & Skills Required:

• A minimum four years in an information security role.

• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

• A CISSP, CISM, or CISA certification from ISC or ISACA is desirable.

• Experience of working within successful, dynamic Information Security Management Systems

• Experience in developing and maintaining policies, procedures, standards and guidelines.

• Experience with common information security management frameworks, such as Payment Card Industry Data Security Standard (PCI DSS), International Standards Organization (ISO) 2700x, National Institute of Standards and Technology (NIST) Cybersecurity Framework, and Adaptive Security Architecture (Gartner).

• Experience of continual, full life cycle, risk management activities

• Excellent knowledge of information security concepts, protocols, industry best practices and strategies.

• Strong desire and hunger to learn as much as possible along with a willingness to adapt and evolve to meet the needs of the subjects we manage

• You'll need to have some passion and energy for the subject; we want people that care about shaping positive outcomes and enjoy working within a fast paced dynamic environment.

• Strong communicator, get your message across well and clearly, people want to listen to you

• Sophisticated thinking, such as understanding concepts, generating original ideas, and using logical approaches to address complicated problems.

• Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take the initiative are vital requirements of the role holder.

The IT Security Manager performs two core functions for the enterprise. The first is overseeing the operations of the enterprise's security solutions through management of the organization's security analysts. The second is establishing an enterprise security stance through policy, architecture and training processes. Secondary tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and risk assessments. The IT Security Manager is expected to interface with peers in the Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.

Responsibilities

Strategy & Planning

• Create and maintain the enterprise's security architecture design.

• Create and maintain the enterprise's security awareness training program.

• Create, maintain and govern Deluxe's security documents (policies, standards, baselines, guidelines and procedures).

• Create and maintain the enterprise's Business Continuity Plan and Disaster Recovery Plan, where appropriate.

Acquisition & Deployment

• Maintain up-to-date knowledge of the media and entertainment IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.

• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes.

• Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.

Operational Management

• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.

• Ensure the enforcement of enterprise security documents.

• Supervise all investigations into problematic activity and provide on-going communication with senior management.

• Supervise the design and execution of vulnerability assessments, penetration tests and security assessments.

• Advise on and manage to completion industry best practice remediation based on internal and external Security assessments.

• Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.

• Engage in ongoing communications with peers in the Systems and Networking groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation.

Position Requirements

Formal Education & Certification

• College diploma or university degree in the field of computer science and/or 5 years equivalent work experience.

• One or more of the following certifications:

o GIAC Security Essentials Certification

o ISACA Certified Information Security Manager

o CompTIA CySA

o (ISC)2 CISSP

o ISACA CISA

Knowledge & Experience

• Extensive experience in enterprise security architecture design.

• Extensive experience in enterprise security document creation.

• Experience in designing and delivering employee security awareness training.

• Experience in managing a staff of 3 to 5 individuals.

• Experience in security controls, specifically content protection.

• Strong understanding of Media and Entertainment best practices - MPAA.

• Strong understanding of IP, TCP/IP, and other network administration protocols.

• Familiarity with Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), and Common Vulnerability Scoring System (CVSS).

• Working technical knowledge of Windows Operating System Internals (Kernel, Registry, File systems (NTFS, FAT), Windows APIs).

• In-depth knowledge of Linux, Unix operating systems. Kali Linux experience a plus.

• In-depth knowledge of networking and communication protocols and devices (routers, switches, firewalls).

• Familiarity with Python, PowerShell, Bash.

• Familiarity with EnCase Forensic software a plus.

• Familiarity with Vulnerability scanning tools, Burp Suite, Nexpose, Nessus.

• Familiarity with virtualization technologies, such as VMware and VirtualBox.

• Basic knowledge of the NIST Cyber Security Framework.

• Excellent written and verbal communication, organized thought processes, polite and respectful of others, adapts presentations to the audience, aware of confidential nature of information.

• Excellent understanding of enterprise IT systems, software development languages, ITIL, ITSM.

• Thoroughly thinks out and evaluates alternatives, innovative problem resolution, pro-active approach, initiative to resolve problems.

• Produce high quality oral and written work product presenting complex technical matters clearly and concisely.

• Excellent problem-solving skills.

• Works with little direction and supervision, timely completion of projects, makes time for unplanned assignments, adapts to changing priorities.

• Perceived fairness; tolerance; honesty; confidentiality; consistent in application of policies and procedures.

Personal Attributes

• Proven analytical and problem-solving abilities.

• Ability to effectively prioritize and execute tasks in a high-pressure environment.

• Good written, oral, and interpersonal communication skills.

• Ability to conduct research into IT security issues and products as required.

• Ability to present ideas in business-friendly and user-friendly language.

• Highly self-motivated and directed.

• Keen attention to detail.

• Team-oriented and skilled in working within a collaborative environment.
