24 Hour Fitness, INC. IT Security Administrator in Carlsbad, California
LOCATION 1265 Laurel Tree Lane Suite 200 Carlsbad CA 92011
The Information Technology (IT) Security Administrator is responsible for developing and implementing a 24 Hour Fitness-wide IT security plan, along with metric-based reporting for security plan implementation and compliance. This position performs system analysis techniques and procedures, including consulting with users, to determine hardware, software or system security specifications. This position designs, develops, documents, analyzes, tests and modifies security systems or programs in accordance with user and/or system design specifications. This position develops methodologies to track interdependencies of critical assets with entities outside the organization and to inventory and classify critical assets (data, hardware, and software). This position develops and monitors an organizational security architecture plan, performs end-to-end IT security assessments, and ensures discrepancies are corrected.
ESSENTIAL DUTIES & RESPONSIBILITIES Estimated % of Time Spent
- Policies and Procedures
Develop and administer the entity-wide Security Plan using the existing documentation, industry standards, and federal government legislation (e.g. ISO 27001:2005, CIS CSC 20, SOX, PCI, etc.).
Develop and maintain IT Security Systems and Infrastructure Security Plans.
Develop and maintain Personnel Suitability Procedures for accessing and operating sensitive computer systems.
Review and maintain internal security policies and procedures. 10%
- Compliance and Enforcement
Develop and maintain methodology to track Security Plans for each sensitive/critical major application and general support system within the organization.
Update and maintain organizational Certification and Accreditation documentation.
Perform, assist with, and document investigations of internal policy infractions. 20%
- Infrastructure Support and Initiatives
Implement and maintain IT Security Architecture Plans.
Develop and maintain the entity-wide Concept of Operation Plan (COOP) update for critical operations. Evaluate the critical technology processing needs of the related services.
Develop methodology to track interdependencies of critical assets with entities outside the primary organization.
Research, develop, document, and implement tracking and inventory methodologies for maintaining inventory of critical assets (hardware and software).
- Audit and Assessment
Supervise and assist with internal and external assessments of 24 Hour Fitness's IT Security posture.
Design, implement, document, and evaluate computer security programs.
Become an expert on external regulatory, compliance, and legal requirements. 3015%
- Incident Response
- Participate as a member of the Computer Incident Response Team (CIRT). 520%
- Security Training and Awareness
Produce end-user documentation and training materials.
Present training both in-person and online to employees.
Other duties as assigned by manager. 15%
The IT Security Administrator reports to the Information Security Manager. This position is the internal liaison to other functional managers on security issues and assists with audits and investigations as directed.
Knowledge, Skills & Abilities
Experience working with ISO 27001:2005 / CIS CSC 20 computer security programs.
Familiar with Payment Card Industry (PCI) standards and assessment process.
Experience with both Sarbanes Oxley (SOX) and internal audit processes.
Experience with network and host-based intrusion detection and prevention.
Understanding of forensic analysis.
Proficient in Firewall, Unix, Microsoft Systems, and Application security and auditing.
Experience with writing computer security policy documentation.
Strong verbal and written communication skills.
Minimum Educational Level/Certifications
- Associate's degree in related field, or relevant professional experience.
Minimum Work Experience and Qualifications
- 5+ years experience in a related field.
Physical Demands/ Environmental Conditions
- Normal day-to-day business operations including using a keyboard, walking, bending and reaching.
- Travel is not routine but may be required.
Knowledge, Skills & Abilities
Proficiency in a scripting language (Python, Ruby, Perl, etc.)
Familiarity with penetration testing techniques and tools.
Experience with auditing and gathering evidence in support of audit findings.
Experience writing reports of findings related to audits and tests.
CISSP and/or SANS GIAC certification is strongly desired.
If the candidate does not possess the CISSP certification upon being hired, the company will sponsor it, and the candidate will be required to obtain the certification within one calendar year of being hired.
Work Experience and Qualification
Previous experience in either a publicly traded company, or government entity.
Experience with vulnerability scanning.
Exposure to software security testing.
Understanding of application and system logging and analysis.
FUNCTIONAL GROUP Information Technology