INFORMATION SECURITY SPECIALIST

Responsibility / Main competences

He is responsible for designing, implementing and maintaining a comprehensive security policy with the objective of safeguarding all company information.
Among its competencies is:
Assess and based on risks, design, implement and maintain policies, measures and computer security systems for the Organization.

Names of similar positions

Security analyst, computer security specialist.

Occupation mission

Provide a framework of methodology and standardization of information security to the organization and its projects, detecting early causes of deviations, implementing and managing systems, policies and computer security regulations.

Activities carried out

• Manage information security, applying existing regulations and standards, guiding it in the implementation of security policies and in the implementation of security controls and the Information Security Management System (ITSM), aligning activities programmed within the framework of existing and applicable standards.
• Develop and implement security policies and procedures. Monitor compliance.
• Manage incidents and risks to ensure business continuity, protecting critical assets.
• Apply the methodologies, technologies and tools that exist in the different areas involved, such as cryptography, formal models, forensic analysis, etc. , as well as in the areas in which computer security has its application: networks, operating systems, applications.
• Periodically develop tasks of pentest (penetration testing) and all types of ethical attack (Ethical Hacking) in order to identify and measure vulnerabilities and then manage solutions.
• Establish a Disaster Recovery plan (disaster recovery strategy)
• Establish a contingency plan for interrupted energy supplies.
• Perform risk analysis in new technologies
• Assist developers in resolving vulnerabilities.
• Determine, Detect and Respond to physical security incidents desktop support responsibilities.
• Perform risk management activities (planning, detection, mitigation).
• Align the programmed activities to the framework of existing standards (ISO 27001, COBIT, ISAE3402, SOX, others).

Studies

Informatics Engineering; Bachelor's degrees in systems or computing, preferably with a specialization or training in security applied to information systems (ISO 27001, COBIT, ISAE3402, SOX), as well as ISO9000.

6. Necessary knowledge, according to job level

• Proven experience in architecture and implementation of security projects of all IT departments.
• Extensive knowledge of the application and vulnerabilities at the infrastructure level. Ability to explain these risks to developers.
• Ability to evaluate technical and functional specifications within the software development process, identify potential threats or areas of weakness.
• Cryptology knowledge: Encryption, Symmetric / asymmetric encryption, Public key, Private key, etc.
• Knowledge in web infrastructure, cloud computing and virtualization
• Knowledge of web attacks, SQL injection, XSS, XAS, CSRF, LFI / RFI, etc.
• Operating Systems Security (windows server / linux / unix).
• Knowledge of antivirus, malware, adware, spyware, riskware, etc.
• Network security knowledge, Firewall, proxy, connection filtering, packet analysis, attack detection, etc.
• Knowledge of Physical Security and legal aspects.