Information Security Analyst/Project Manager
Position closes on Wednesday, 30 November 2011
Location: Beverly, MA
Company: Orchard Brands
Reports To: Manager of FP&A – DC/IT
Position Summary: This individual will manage and coordinate the initiatives of the Orchard Brands Information Security Office. This individual will also be responsible for the Security Awareness Training program and participate in information security audits of the Orchard Brands companies.
Essential Position Responsibilities:
- Project Management:
o Lead security projects including requirements definition, task planning, research, testing, implementation, and management
o Provide status reports and timekeeping material; perform administrative tasks as required
- Policy Development and Implementation:
o Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements – particularly with regard to PCI and other compliance requirements
- Access Control and monitoring:
o Maintain documentation relating to access controls within the company's computing environment
o Monitor access controls and logs; ensure that all anomalies are addressed in a timely fashion and raised to Management as appropriate
o Provide reports that allow review of user activity
- Business Partner security:
o Review proposals for outsourcing business activities to determine whether security controls would be compromised in the course of outsourcing the proposed activities
o Establish and design protection strategies for extranet security, such as contractor access, strategic vendor access and contract reviews
- Assist with performing medium to high complexity end-to-end security assessments
- General Security:
o Develop and use security metrics and statistics on incidents and on-line threats to demonstrate effectiveness, compliance, and return on investment
o Develop security awareness materials, security presentations, and information security training sessions
o Monitor security systems and document possible threats or vulnerabilities. Evaluate risk and recommend corrective actions to ensure data security
o Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources
o Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy
o Help coordinate response to information security incidents
o Respond to reported security violations and assist in Company-wide security awareness
o Participate as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
Essential Requirements:
- Bachelor's degree in Computer Science, Information Systems, Engineering, or an equivalent combination of education, training, and experience
- Must possess three or more years of experience working on medium to large multidisciplinary security/risk projects
Core Competencies:
- 2+ years conducting Information Security risk analysis/assessments and application reviews, and providing recommendations
- Proven project management skills. Ability to organize, prioritize, and handle multiple tasks
- Demonstrated experience in computer/network security, operating systems such as Windows, LAN/WAN networking protocols such as TCP/IP, firewalls, IDS/IPS, PKI, and encryption
- Demonstrated knowledge of information security concepts and methodologies, as well as a practical understanding of security principles such as authentication, authorization, access controls, and protection strategies
- Demonstrated experience working with information security related risks, as well as regulatory, audit, and compliance requirements, such as PCI
Preferred Skills and Experience:
- CISSP Certification, CISM Certification, and/or CISA Certification
- PMP (Project Management Professional) certification
- IT Audit experience
- Experience working as an external consultant
- Occasional travel will be required
Orchard Brands offers a competitive salary commensurate with experience and an excellent benefits package including Health/Dental insurance, Life, Long Term and Short Term disability insurance, flexible spending accounts, 401K, EAP, and employee discount. For consideration, please submit your resume, along with a cover letter and salary requirements, to jobs@orchardbrands.com. Orchard Brands is an equal opportunity employer.