Information Systems Security Engineer

 

The Information Systems Security Engineer will assist the Director, Information Security & Data Protection with routine daily security activities and possess a high level of expertise and working knowledge of Information Security and related compliance disciplines e.g., Payment Card Industry (PCI), Personal Identifiable Information (PII), Sarbanes-Oxley (SOX 404), etc.. These skills will be utilized to assist the Information Security group to build upon existing infrastructure standards for design, process, conduct and continuity of security operations and compliance. The Information Systems Security Engineer works closely with other members of the Information Security team, technology teams and business units, and always prepared to participate in or assist broader initiatives spanning all other areas of information security. 

 

Responsibilities and DutiesAt the direction of the Director, Information Security & Data Protection, the  Information Systems Security Engineer contributes to and assists with the design, implementation and security monitoring of Wyndham Vacation Ownership’s overall security programs e.g., PCI, SOX 404, PII, Engineering Standards, etc., structure, design, security metrics reporting and information security assurance improvement processes as it applies to a multifaceted enterprise networked computing environment, to include, but not limited to: Mainframe, Firewalls, Windows 2000/2003/XP (client and server), Exchange 2000/2003, Active Directory, PeopleSoft, Oracle, SQL, SMS, IIS, Apache Tomcat, Linux, WebSphere, WebLogic, F5 Big-IP, Storage Area Networks (SAN), LAN/WAN, along with Integrated and Software Development Environments. Assists with the audit review of access controls to ensure system security devices and applications are managed within assigned Wyndham Vacation Ownership’s security standards and requirements. Analyze and solve system security problems and develop solutions. Conducts information security (PCI, PII, SOX 404) and Engineering risk assessments and perform countermeasure assessments and follow-up to ensure exposures have been corrected and/or mitigated. Supports Security Compliance and Security Oversight & Integration functions of the Information Security organization. Educates customers on technical information security provisions and best practices. Evaluate and report on new and emerging information security technologies. Implement, customize and maintain any assigned security products.   Perform ongoing administration of security tools. Review and approve changes in the configuration and change management system to ensure the change does not adversely affect the overall security and operational capabilities of the organization.
REQUIREMENTS


 

Minimum Educational Qualifications Bachelor’s degree in Information Technology / Computer Science, Business or equivalent years of Information Security experience and training. CISSP, ISSAP, ISSMP OCE, CEH, QDSP, Security/INET+, etc., certification or equivalent years of security and compliance experience and training.

 

Minimum Work Experience/Qualifications10+ years in information security engineering within disciplines and environments, to include, but not limited to: PC, PII, SOX 404, Mainframe VM/MVS, Windows NT/2000/2003/XP (client and server), Exchange 2000/2003, Active Directory, Oracle, SQL, SMS, IIS, Apache Tomcat, Linux, WebSphere, WebLogic, Storage Area Networks (SAN), scripting and all relevant utilities. 10+ years broad and in-depth experience and knowledge of information security technologies and principles. Demonstrates superior technical and tactical thinking. Possess good troubleshooting and problem solving ability. Outstanding verbal and written communications skills. Able to work and effectively communicate with IT management personnel, peers and outside vendors.