Director for Information Security

Oneida Innovations Group is a tribally-owned enterprise of the Oneida Indian Nation, an innovative and experienced Indian Nation owning and operating several multifaceted business enterprises, each focused on delivering exceptional customer experiences and service. Summary: The role of the Director for Information Security is to ensure the secure operation of the organizations computing environment. This responsibility is multi-faceted and focuses on the following areas:Overseeing the organizations security technology; firewalls, anti-virus, intrusion detection systems (IDS), security information and event management (SIEM) solutions and SPAM filters. Auditing the organizations vulnerability management which entails confirming servers, network equipment, appliances, desktops, anti-virus firewalls and POS terminals are patched and maintained. Act as the key contact for all annual audits; including but not limited to the PCI SAQ-D process, OINMICS, Financial and the annual risk assessment. Identify, analyze and resolve security breaches and vulnerability issues in a timely and accurate manner. Schedule and direct the activities of the data security team.Duties & Responsibilities:Develops, implements, maintains, and oversees enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.Administers policies and procedures for identifying, reporting, and resolving security violations.Benchmarks, analyzes, reports on, and makes recommendations for the improvement of data security. Supports Vice President for annual reporting on the effectiveness of the information security program, including progress of remedial actions.Effectively leads the IT Department''s security planning; including fostering planning projects, and organizing and negotiating the allocation of resources.Oversees provision of data security services.Effectively collaborates with stakeholders to define security requirements for new technology implementations.Directs research on potential security solutions, protocols and standards in support of procurement efforts, security enhancements and development efforts.Assists in managing the financial aspects of the IT Department, including purchasing, budgeting, and budget review. This includes business case justifications and cost/benefit analysis.Effectively negotiates and administers data security related vendor, outsourcer, and consultant contracts and service agreements.Effectively manages IT security staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.Deploys, manages and maintains all security systems and their corresponding or associated software; including firewalls, intrusion detection systems, security and information event management, cryptography systems, and anti-virus software.Ensures the preparation and maintenance of disaster recovery plans and procedures to provide continuity of operations for information systems that support the operations and assets of the organization.Develops, implements, maintains and oversees enforcement of policies and procedures and associated plans for system security administration and user system access based on industry standard best practices. Periodically tests and evaluates the effectiveness of information security policies, procedures and practices.Manages connection security for local area networks, Web site, intranet, and e-mail communications.Designs, performs, and/or oversees penetration testing of all systems in order to identify system vulnerabilities.Designs, implements, and reports on security system and end user activity audits.Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and makes recommendations for resolution.Recommends, schedules (where appropriate), and applies fixes, security patches, disaster recovery procedures, and any other measures required in the event of a security breach.Assesses need for any security reconfigurations (minor or significant) and executes them if required.Remains current with emerging security alerts and issues.Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.Downloads and tests new security software and/or technologies.Recommends, schedules, and performs security improvements, upgrades, and/or purchases.Ensures on-call security support to end-users.Provide consulting services for IT security related items in relation to OTS.Minimum Requirements:College Degree in Computer related field or eight years related work experience with five to ten years related work experience in Manufacturing, Financial, Health Care, Casino, Hospitality and/or Entertainment industry or other high volume, complex, highly regulated demanding customer oriented IT environment. A certification as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Wireless Security Professional, Certified Information Systems Auditor (CISA) and/or, other related technical certification is desired.Previous working knowledge and experience achieving compliance to the Payment Card Industry Data Security Standards (PCI DSS), and HIPPA requires are required.Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and -depth technical knowledge of network, PC, and platform operating systems, including Cisco Internetwork Operating System, LINUX, IBM OS/400 (i5/OS), Microsoft Windows Server and Desktop Operating Systems.Working technical knowledge of current systems software, protocols, and standards, including Microsoft Exchange, Microsoft SQL Server and SharePoint.Expert knowledge of TCP/IP and network administration/tuition and keen instincts to pre-empt attacks.Hands-on experience with devices such as switches, hubs and routers.Knowledge of applicable practices and laws relating to data privacy and protection.High level of analytical and problem-solving abilities.Ability to conduct research into security issues and products as required.Strong interpersonal and oral communication skills.Highly self-motivated and directed.Strong organizational skills.Excellent attention to detail.Ability to effectively prioritize and execute tasks in a high-pressure environment.Must have valid driver''s license.Experience working in a team-oriented, collaborative environment.Remarks: This job description is intended to be illustrative of the position''s duties and should not be construed to be an exhaustive statement of the essential functions of the job.Oneida Innovations Group is an equal opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, age, disability, marital status, veteran status, sexual orientation, gender identity, genetic information or any other protected characteristic under applicable law. - provided by Dice

Created: 2025-10-04