Job Description

If youre passionate about innovation and love working in an environment where you can constantly improve and adopt new technologies to drive business results, then Nationwides Information Technology team could be the place for you!

Key responsibilities include the following:

* Coordinate with and support endpoint product owner on development of initiatives related to endpoint security
* Develop, implement, and maintain security policies on key endpoint-related tools
* Coordinate with other teams in the CSOC and I&O to understand unique Nationwide requirements that will necessitate adjustments to security policies. Coordinate with IRM and other teams to implement policies that maximize security while maintaining effective business processes and minimizing gaps in security
* Maintain high level of understanding of industry best practices involving endpoint security tool policies, and implement/update/maintain within Nationwides environment
* Maintain a high level knowledge of Nationwides endpoint security tools, including operations, capabilities, and limitations
* Maintain relationships with vendors associated to primary endpoint security tools. Maintain the primary relationship related to security-focused policy development
* In coordination with endpoint product owner, develop and maintain key operational metrics that help leadership drive security improvements in the endpoint space
* Develop/maintain positive working relationships with relevant teams within I&O to ensure smooth coordination between security and operations of endpoint security tools
* Coordinate, document, maintain, and review endpoint security tool exceptions and identified risk

Required Skills:

* Technical depth within the field of Information Security, Networking, System Administration
* Understanding of defensive controls (AV, HIPS, proxy, IPS, Application Firewalls, )
* Demonstrated ability to communicate and coordinate across teams and business areas
* Demonstrated ability to locate, research, review, and disseminate information from a variety of internal and external sources
* Demonstrated ability to create a network of contacts within the organization and cyber security industry
* Excellent critical thinking skills

Desired Skills:

* Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
* Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
* Understanding of incident response process and procedures
* Preferred security certifications SEC+, CISSP

Compensation: F4

Job Description Summary

With full competency, conducts risk assessment tests and evaluations on business processes and solutions to ensure operation in accordance with information risk requirements and identification of vulnerabilities. Creates and produces strategies and complex architecture and engineering solutions to translate user requirements to solutions.

Job Description

Reporting Relationships: Reports to: Manager/Director

Core Duties and Responsibilities:
1. Conducts complex information risk management assessments and presents results to management and ensures visibility of significant risks. Coordinates with other risk management functions throughout the organization for appropriate impact analysis.
2. With full competency, interfaces with the user community to understand their information risk needs and requirements; develops, recommends and enhances information risk management policies and standards, including controls, processes and procedures to ensure that information is protected and available to the business in a timely fashion
3. Identifies and conducts moderately complex audits and assessments of information risk business practices, violations and infractions. Identifies, evaluates and executes technical analyses functions to ensure all applicable information risk management requirements are met. Analyzes moderately complex incidents, events and violations employing statistical and trend analyses and reports results. Develops and implements corrective action plans.
4. Responsible for the engineering, planning, design, implementation and testing of complex enterprise risk management technologies. Responsibilities include research and development of new risk management technology and engineering best practices, as well as the implementation of complex and comprehensive mitigating solutions for enterprise and line of business applications.
5. Studies data from intrusion detection systems to analyze anomalous events and complex risk infractions that exploit vulnerabilities
6. Identifies risks and exposures by participating in reviews, evaluations and risk assessments. Determines the causes of violations at the highest technical level and suggests procedures to halt future incidents
7. Analyzes and resolves complex issues regarding information risk management
8. Ensures high-level integration of application and/or infrastructure development with information risk management policies and strategies. Establishes the framework for the Nationwide and/or business line's information assets through information risk management architecture, policies, standards, certification and technology. Provides integrated systems planning and recommends innovative technologies that will enhance the current information risk management systems and support overall IT goals and strategy
9. Provides the expertise and technology based solutions for long-range planning in the areas of information risk management mitigation solutioning. Conducts studies, investigates the latest technology developments and analyzes impact and current/future systems requirements. Performs installations of information risk management products by participating in the testing and analysis of the current business and systems environment, using technical tools and utilities, performing product customization, and developing implementation and verification procedures to ensure successful implementation of information risk components. Can include applying hardware engineering and software design theories and principles in researching, designing and developing moderately product hardware and software interfaces
10. Independently undertakes projects requiring additional specialized technical knowledge in information risk management
11. May act as a resource for direction, training and guidance for less experienced staff.
12. Performs other duties as assigned.

Typical Skills and Experiences:

Education: Undergraduate studies in computer science, management information systems, or related field is preferred.

Knowledge: Must have knowledge in risk components, principles, procedures and practices. Must have proven knowledge in information controls and audit methodology for business systems and data processing environments. Must have knowledge in information risk trends. Must have a detailed familiarity with applicable operating systems. Must have an in-depth understanding in insurance and financial services business models and operations. Understanding of project management concepts and techniques required.

Certification/ Designation: (See role guide)

Experience: Six years progressive work experience in information risk and/or information systems audit. Project management experience is preferred.

Skills: Planning and organizational skills. Speaking and writing abilities for interaction with all levels of technical, operations, and applications area management, and vendors. Must have the ability to analyze complex system components and implementation strategies, and make recommendations. Must have the ability to interact effectively with IRM team members, customers and management. Must possess decision-making skills for technical risk problem identification and solution recommendation.

Values: Regularly and consistently demonstrates the Nationwide Values and Guiding Behaviors.

Staffing Exceptions: Staffing exceptions to the above minimum job requirements must be approved by the: Vice President and Human Resources.

Job Conditions:

Overtime Eligibility (FLSA) : Not Eligible (exempt)
Working Conditions: Normal office environment. Non standard and/or extended work hours as required.
ADA: The above statements cover what are generally believed to the principal and essential functions of this job. Specific circumstances may allow or require some associates assigned to the job to perform a somewhat different combination of duties.

Job Evaluation Activity: Created April 2010 JDC/JL