Responsible for the operation of portions of the information security scheme, necessary to protect CITGO information assets. Possess a good knowledge of area of responsibility. Solve most security related problems with minimum assistance. Perform hardware/software process and policy evaluations, implantations and risk assessments.. Participate in team planning activities; occasionally assume responsibility for planning system security assessments, evaluations, and projects. Participate in the risk assessment and change management process. Job requires carrying a pager and/or cell phone
College Degree and 3 years of experience is required.
1. Initiate and conduct information system security, risk assessments to determine areas of vulnerability to CITGO information assets; determine information asset owner's acceptable level of risk and recommend policies, procedures and technology to eliminate vulnerabilities to bring risk down to acceptable levels. Initiate project planning to implement safeguards adopted by the completed risk assessment.
2. Implement and maintain information system security schemes to provide confidentiality, integrity and availability of CITGO information assets at Houston and remote sites. Ensure that assets are protected through monitoring and incident response. Coordinate information system scheme upgrades with IT and information asset owners to ensure exposure to the organization's information assets is maintained at acceptable levels. Responsible for the development and support of the corporate identity management application which manages security and data flows across multiple critical systems including but not limited to SAP, LENEL gate access, and Windows Active Directory.
3. Analyze technological advances with existing product lines and emerging technologies as well as information asset owner and company requirements to select the appropriate policies, procedures, hardware and software to provide effective protection over an extended period of time for Houston and remote sites. Ensure compatibility within the entire CITGO security scheme and integrate with minimal impact to end users of information asset systems.
4. Implement and maintain information asset protection policies and procedures assisted by technology to protect CITGO information assets in accordance with the acceptable risk levels determined by information asset owners. Investigate and integrate industry and discipline best practices to ensure CITGO information asset protection policies and procedures provide an effective level of protection consistent with acceptable risk levels. Evaluate software application security requirements and develop custom security roles and access for protection of CITGO assets.
5. Participate in the planning process of all CITGO information asset projects. Create plans, provide estimated target dates, and track project progress.
6. Participate and assist in ongoing information security awareness programs to educate CITGO management, employees, and information asset owners on information asset protection policies and procedures to ensure each employee understands his/her role in protecting CITGO information assets.