Develop and maintain security architecture and security policies, principles, and standards.
Work with assigned business units and other risk functions to identify security requirements,
using methods that may include risk and business impact assessments, including business
system analysis and communication, facilitation, and consensus building
Define, develop, and validate baseline security configurations for operating systems,
applications, and networking and telecommunications equipment, including policy assessment
and compliance tools, network security appliances, and host-based security systems
Assist in the coordination and completion of information security operations documentation
Work with IT leadership to develop strategies and plans to enforce security requirements and
Report to management on residual risk, vulnerabilities, and other security exposures, including
misuse of information assets and noncompliance
Play an advisory role in application development projects to assess security requirements and
controls and to ensure that security controls are implemented as planned
Collaborate on critical IT projects to ensure that security issues are addressed throughout the
Work with infrastructure team members to identify, select, and implement technical controls
Develop security processes and procedures, and support service-level agreements (SLAs) to
ensure that security controls are managed and maintained
Advise security administrators on normal and exception-based processing of security
Research, evaluate, and recommend information-security-related hardware and software,
including developing business cases for security investments
Provide second- and third-level support and analysis during and after a security incident
Assist security administrators and IT staff in the resolution of reported security incidents