
IT Senior Security Manager

Position Description

Combine two of the fastest-growing fields on the planet with a culture of performance, collaboration and opportunity and this is what you get. Leading edge technology in an industry that’s improving the lives of millions. Here, innovation isn’t about another gadget, it’s about making health care data available wherever and whenever people need it, safely and reliably. There’s no room for error. Join us and start doing your life’s best work.(sm)

The Security Manager serves as a senior information security subject matter expert and manages the day-to-day operation of the client’s Information Security program.  The Security Manager is an Optum Enterprise Information Security process expert and they act as a central point of contact and liaison for security process issues, questions and engagement.  The Security Manager will be responsible for collaborating with senior leadership, team members and key business stakeholders in the planning, delivery, reporting and operation of the Information Security Management System and serve as the HIPAA Officer for the client.

Primary Responsibilities:

  • Manages security and serves as a point of contact for architecture, infrastructure and network and multi-platform environments
  • Responsible for verifying security is a primary focus for the business
  • Responsible for compliance of staff with HIPAA and other state and federal security standards
  • Coordinates, supervises and is accountable for the daily activities of overseeing information security across the client
  • Lead activities to develop and maintain compliance with applicable security policies
  • Interface with state and related stakeholders to ensure interfaces and interoperability development and operations are in compliance with applicable policies
  • Interface with Optum Enterprise Security

Required Qualifications:

  • 5 or more years experience with information security, audit and risk concepts 
  • 2 or more years experience with information security policies and standards
  • 2 or more years experience with security architecture
  • Systems or Network engineering experience
  • Experience with IT compliance and control standards: HIPAA/HITECH, NIST 800-53, HITRUST, MARS-E 2.0
  • Strong ability to articulate information security, audit and risk concepts to audiences of varying technical backgrounds
  • Experience engaging and influencing senior business executives and senior IT executives
  • Proficiency in MS Office (Word, Excel, Outlook, PowerPoint, Access, Visio)
  • Strong consultative and presentation skills
  • Current CISSP or CISA certification is a requirement

Preferred Qualifications:

  • Healthcare industry experience
  • Assertive (yet diplomatic) personality and the ability to handle change
  • Familiarity with highly regulated industries
  • Familiarity with the regulatory environment affecting data in a Health Care Services environment

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people’s lives. This is where it’s happening. This is where you’ll help solve the problems that have never been solved. We’re freeing information so it can be used safely and securely wherever it’s needed. We’re creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life’s best work.SM

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

Job Details

  • Contest Number: 743698
  • Job Title: IT Senior Security Manager - Columbia, SC
  • Job Family: Information Technology
  • Business Segment: Optum Technology

Job Location Information

  • Greenville, SC
    United States
    North America

Additional Job Detail Information

  • Employee Status: Regular
  • Schedule: Full-time
  • Job Level: Director
  • Shift: Day Job
  • Travel: Yes, 25% of the Time
  • Telecommuter Position: Yes
  • Overtime Status: Exempt

View full post on National Cyber Security Ventures

Security Engineer -New York, NY


Responsibilities

Check Point’s mission is to provide industry-leading security solutions that redefine the security landscape. We achieve our mission by constantly developing innovative and cutting edge technology solutions focused on real customer needs, while challenging ourselves to grow and excel.

If you want to be part of the fascinating and fast growing Cyber Security industry, where your unique talent and value will be recognized, Check Point Software Technologies is where you want to be.

Join now and become a part of the success story that secures tens of thousands of organizations of all sizes around the globe.

Join Check Point’s leading sales team and take your career one step ahead!

  • Provide pre-sales technical support to Check Point Channel/Account Managers and strategic Check Point Customers, developing POC’s & architecting revenue generating services that drive sales
  • Conduct technical meetings with customers and partners to highlight our products and solutions. Perform design work for end users, partners, and resellers
  • Conduct technical pilots and competitive reviews
  • Hold on-going education sessions with our Partners
  • Perform limited post-sales support


Desired Background

  • BS, EE/CS degree or technical school certificate
  • 5 years in networking standards and protocols (Ethernet, routing, Unix, Network Mgr., Internet Protocol addressing)
  • Strong data communication experience
  • Working knowledge of system design
  • Strong security and networking background
  • Some travel required
  • Check Point experience and certification preferred

 EOE M/F/Veterans/Disabled


Integrating #cyber security with #business #continuity

Cyber security is a top concern for nearly all companies. While addressing cyber security is clearly a technology-centric issue, recent incidents show it is no longer only a technology issue.

The integration of technology into all areas of credit union operations means that all functions will be impacted in the event of a cyber security response. Similarly, an event impacting business continuity may also have security implications. Today’s level of integration makes it nearly impossible to delineate between cyber and business continuity problems.

The time has come for credit unions to think outside the box and integrate these two important functions. Integrated cyber incident and business continuity programs can deliver benefits that go well beyond dollars and cents.

Consider the below steps to ensure integration is both smooth and effective:

Integrate management teams and resources. Many organizations still consider cyber security incident response and business continuity efforts to be separate functions, primarily because the two disciplines have long been thought of as separate and distinct, each intended to ensure an efficient and appropriate reaction to a unique event. Significant efficiencies and benefits can be realized if the relevant resources and processes are integrated, even if the practices have performed well as individual disciplines in the past. Creating a single process not only optimizes process flow and facilitates training, but it also forms a cohesive function, the goals of which are protecting the organization’s reputation and ensuring continuity of operations.

Align policies, procedures and training. Similar management teams and supporting activities exist in both specialties. Combining these teams and processes will yield a more cohesive, streamlined process that is capable of bringing more assets to bear when an event occurs, regardless of the incident type — which is increasingly important as security and continuity-impacting incidents become themselves more and more frequently integrated. For example, it is not uncommon for cyber criminals to attempt to leverage a physical incident to cover phishing or social engineering attacks. Timely involvement of all business-area leadership is crucial, as any sort of incident could raise immediate issues that require decision-making.

Leverage common touch points between business functions. A comprehensive response plan typically includes many “touch points” between IT and business functions. These touch points are usually coordinated through a response team that has common resources for communication, including periodic situation updates, designated response options and identified potential business impacts. A common framework may help mitigate the impact of negative events.

Coordinate crisis communications. The key to effective resolution is clear, concise communications, regardless of whether a business-impacting event is cyber or physical in nature. If an event requires communication with members of the public, it is essential to identify and follow regulations specifying how and when impacted individuals must be notified. Establishing clear communication protocols and procedures in advance ensures a credit union’s crisis management team will have the information it needs to develop and distribute authorized communications quickly, effectively and cohesively when the time comes. This preparation will pay off in ensuring an organized response to public concerns and inquiries, and will also make it easier to monitor external activity.

Optimize after action reporting. The root cause of an event is not always obvious, and unless identified through a complete and careful analysis, the event could recur. What actually happened, and why? Once the cause of an incident has been identified and remediated, the credit union should update its incident response program documentation to integrate the lessons learned. Regularly updating an integrated plan reduces the potential for mistakes and eliminates duplication of effort.

Risks related to cyber security should be handled similarly to any other business risk. Whatever the specifics of the incident, a single framework and management reporting structure should be in place to identify and control the incident’s potential impacts. Different subject matter experts may be brought in and out to assist, depending on the nature of the specific problem, but leveraging a common framework, training and reporting structure will facilitate the response and help to reduce negative impact to the business.

Start small when it comes to developing an integrated process. Pay attention to the details, taking it one element at a time. In the end, you will learn a great deal about your business and end up with a process that will support your credit union’s needs well into the future.


Sr. Information Security Analyst

Job Description

  • Extensive experience of enterprise security solutions for infrastructure and application architectures (e.g. Cisco Remote Access, SecureIDS, VPN & Firewalls, SecurID, Checkpoint, Symantec ESM, PKI, Cryptography, NAI Entercept, SIEM, DLP, code analysis, RSA Authentication and Penetration/Vulnerability Testing at Network and Host level)
  • Technical security implementation and analysis experience in a first class international business.
  • Prior relevant experience gained in a security project/consultancy/architect orientated role
  • Experience of managing or supporting Security investigations, including evidence gathering and analysis
  • Experience of managing or supporting computer incident response
  • Experience with intelligence gathering regarding security threats
  • A good understanding of best practice security controls for market leading technologies (e.g. Cisco, DB2, SQL, NT, AIX, MQ)
  • Experience of conducting Risk Assessments using best practice risk management methodologies.

The Successful Applicant

  • Knowledge of forensic investigation and evidence gathering techniques
  • Knowledge and experience of US Banking Regulations (Federal Reserve Board).
  • Experience of working in financial services sector (especially banking) and knowledge of the security requirements for this sector.


From #denial to #opportunity – The five #stage #cyber security #journey


The digital economy is brimming with commercial opportunity for those that embrace new technologies and innovative business models.

Regrettably, one sector which has been quick off the mark to grasp the opportunity is the criminal community.

Cybercrime is already more common than traditional criminal offences. The global outbreaks of WannaCry and Petya earlier this year showed the astonishing speed and scale at which even unsophisticated attacks can spread and underlined how ill-prepared even some big organisations are to protect themselves from criminal cyber activity.

Progress lies in accepting that cyber security is not a single destination but a complex journey. Broadly speaking, there are five stages along the way.

Stage One: Denial – ‘there is no threat’. The hard truth is that all organisations face low-level cyber threats every day, even if they don’t realise it. Criminals don’t only target big business but increasingly go after SMEs and individuals, soft targets that can provide a pathway into more valuable hunting ground.

Every business is a target and must put in place the basics – after all, standard software updates would have defeated WannaCry at first contact.

Stage Two: Worry – ‘let’s spend on the latest security systems and solutions’. The immediate reaction from the board is to throw money at the problem, along with the appointment of a Chief Information Security Officer (CISO).

However, technology isn’t necessarily the priority. Because the weakest link is often human, education is a priority. Once people understand how they fit into the big picture, they can protect themselves and the company, and become a major line of defence.

Stage Three: False confidence – ‘we’re sorted, bring it on’. There is no 100 per cent protection against cybercrime. For example, criminals are now turning their attention to the supply chain, where contractors could unwittingly unlock access to their client organisations. Then there is ‘whaling’, a highly targeted form of phishing aimed at impersonating senior people and using their identity to undertake fraudulent financial transactions.

The way to combat false confidence is to relook at policies, question assumptions and investments, and identify emerging risks and issues. Consider all possible scenarios – ransomware (would you pay a ransom, and how?), data breaches, distributed denial of service attacks, sabotage and fraud. Now is the time to plan and prepare for incidents and practise your responses.

Stage Four: Hard lessons – ‘there’s no such thing as absolute security’. Even the best prepared and protected will still experience a security breach. Perhaps new security solutions are a poor fit with the existing IT infrastructure, leaving vulnerable gaps. On balance, it’s better to go with a security product that’s only 80 per cent right, but works with what you already have and employees can use easily.

This is a good point to consider cyber security insurance. The act of choosing/buying a policy will prompt you to think through potential weaknesses and, if the worst happens, you’ll have access to expert help and the resources you need to get the business back on track.

Stage Five: True leadership – ‘we can’t do this alone’. True leaders will accept that this is how the digital world is, and set out to share information and collaborate with their peers to make it ever harder for criminals to succeed.

The cold reality is that every organisation is a target. The best defence is not what you buy but how you behave. And businesses which treat cyber security not as a destination but as a journey will be strongly positioned to protect themselves in the evolving digital economy.


Ignorance Of #Cyber Threat Creates #Conundrum For Small #Business #Data #Security


McAfee Labs recently published its 2018 Threats Predictions report, and after a year of high-profile cyberattacks and data breaches, analysts say the threat won’t let up in the new year. A rising challenge for the enterprise is the fact that cyberattackers are becoming increasingly sophisticated in their methods. According to McAfee, while companies are embracing innovations like machine learning to safeguard their systems, attackers, too, are using these same tools.

“Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior and zero-day attacks,” McAfee said in its report. “But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

If there’s one thing the enterprise has learned this year, it’s that a data breach can happen to any business — including small businesses (SMBs). Or, according to the latest data, many small businesses haven’t learned this lesson.

In this week’s B2B Data Digest, PYMNTS dives into new research about small businesses’ data security and cybersecurity efforts. Small businesses seem quite confident in their ability to protect themselves and their customers’ data, but according to researchers, that confidence is likely misguided.

—60 percent of SMBs said they don’t follow PCI DSS or HIPAA rules when storing customer credit card and banking information, according to new research from Clutch. The firm surveyed 300 small businesses about how they store data in the cloud and found that the majority aren’t following the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA) as required by law. Clutch warned that fines for non-compliance with these rules can reach into the millions of dollars.

—54 percent of SMBs that store medical data in the cloud admit they don’t follow storage industry regulations, meaning these businesses could be putting sensitive company and consumer data at risk, Clutch also found.

—90 percent of SMBs are at least “somewhat” confident in their cloud storage’s security, a 3 percent increase from 2016 figures. That statistic is troubling, considering so many small businesses are actually lagging in cloud data security, according to the survey.

—60 percent of small firms say they use encryption to safeguard data in the cloud, the most common security measure cited by SMBs in Clutch’s survey. More than half (58 percent) said they train employees in data security, and 53 percent said they use two-factor authentication, though Clutch warned that businesses should be using more cybersecurity strategies than these three methods alone.

—74 percent of SMBs don’t have cyber liability insurance, according to separate research from Insureon. The small business insurance company surveyed 2,500 members of the small business community Manta, and the results suggest that the SMBs that aren’t following data storage regulations may not only be at risk for fines, but could face added-on consequences if they go uninsured.

—25 percent of small firms have consumer data that is susceptible to an attack on their business network, Insureon found, while nearly a sixth said they have already experienced a data breach.

—82 percent of small businesses told Insureon they don’t feel they’re at risk for a cyberattack or data breach, echoing similar sentiments found by Clutch: SMBs could be ignorant to their cybersecurity threats, despite many having already experienced an attack. Insureon President Jeff Somers said in a statement that the research is “surprising, considering the amount of media circulating about mass data breaches and cybersecurity. Many small business owners have their whole life savings tied up in their businesses, and they don’t understand how vulnerable they are to a cyberattack.”


Iranian #Hackers Have Set Up a #News Outlet to #Court Possible #Targets, #Security Firm Says

An Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran, according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security. The group has also set up a news outlet […]

View full post on AmIHackerProof.com | Can You Be Hacked?

Security Specialist

Source: National Cyber Security – Produced By Gregory Evans

Description
Bay State Computers, Inc. is a professional services firm and a leading provider of Information Technology (IT) services and products to the U.S. Federal Government and Industry. Bay State brings together experienced IT professionals and the latest state-of-the-art technology tools, practices, and products to support projects and task order requirements for our customers. For more information about Bay State visit our website, connect with us on LinkedIn, or follow us on Twitter.

We have an exciting opportunity for a Security Specialist to join our team. The role is accountable for leading an Access Control Facility (ACF2) mainframe remediation project. The project will consist of working with the government CISO and senior DXC management to resolve policy issues and ACF2 changes. The Senior Security Specialist will understand mainframe internals, ACF2 administration, National Institute of Standards and Technology (NIST) and Department of Defense (DoD) Security Technical Implementation Guides (STIGs) security requirements and have project management experience.

Key Responsibilities:

Establish a security remediation project plan
Assist in the creation of a security policy panel
Coordinate changes to ACF2 implementing role based security control
Work with the VITA CISO and Architects to address updates.
Manage and report security incidents during the project
Ensure Audit preparation, facilitation and remediation
Manage Security Risk and Exception to standards management
Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual)
Escalate and resolve Security Issues
Assist and coordinate delivery of Security Metrics and Reporting in support of the project contractual commitment

Required Experience/Skills:

At least 3 years’ experience working in a risk management, audit, security or technical delivery role
Bachelor's or master's degree in Computer Science, Computer Studies, Information Security (or equivalent combination of education and experience)
Knowledge of the security and auditing regulations
Exposure to ACF2 and mainframe audits and compliance programs
Experience in mainframe support
Experience in ACF2 administration
Excellent and effective communication skills
Ability to work effectively in diverse, multi-national and virtual environments

Preferred/Desired Skills:

Prior MSS SOC Management experience highly desired.
Prior Security Engineering Experience desired
Desirable certifications include Security+, CEH, GCIA, GCIH, CISSP or similar.
Education: BS/BA degree or equivalent combination of related work experience desired

Benefits: Full-time employees (permanent or contract employees who are employed for a term greater than 6 months) are eligible for benefits including time-off benefits, such as vacations and holidays, and insurance and other plan benefits.

Location: Richmond, VA


How #seriously are #SMEs taking their #cyber security?


Cyber security is essential for organisations of all sizes. Organisations need to ensure they have taken all the necessary precautions to protect their data.

In the past year, 46% of businesses identified at least one cyber attack or breach, with 875,000 of these victims being SMEs. Despite these statistics, a recent survey found that many SMEs don’t believe they are at risk, with 59% thinking that their information would be of little value to cyber criminals.

This mindset is a major issue for small businesses because their lack of interest in cyber security makes them a favourable target for criminal hackers.

Why do criminals target SMEs?

Many small businesses do not put enough money and resources into cyber security. They do not monitor or implement strong enough cyber security defences that will adequately protect their data. Not having these defences in place makes their data more susceptible to attacks.

Although they may not feel that their information has much value to criminals, it very often does. Small businesses still hold personal and financial information, but they do not have the security defences in place that large organisations do. This makes them an easy and attractive target.

When an organisation has been hit by a ransomware attack, the criminals responsible will demand it pays a ransom to retrieve its data. It’s very difficult for small businesses to recover from ransomware attacks, so they are often more willing to pay the ransom than larger organisations would be. Again, this makes them an attractive target for many criminals.

How are SMEs being hacked?

The most common ways SMEs are hacked are by phishing, poor passwords and IT vulnerabilities.

Phishing schemes are fake emails that impersonate someone that you may trust: an online provider, bank, popular website or sometimes a colleague. These emails try to trick you into giving away sensitive information.

Passwords are vital for ensuring the security of your data. If a password is easy to guess or used for multiple platforms, it becomes less secure and easier to hack. Passwords should be unique and complex, and should never be shared.

IT vulnerabilities are a result of a network not having the right security measures in place in order to protect data. These vulnerabilities can lead to malware attacking an organisation’s data.

What precautions should SMEs take?

There are many simple ways an SME can protect itself from a cyber attack. Implementing a firewall is one of the first things an organisation should do, as this will put up a barrier between your data and the hacker, restricting their access.

It is very important to educate your employees to follow cyber security procedures. They should complete staff awareness training to ensure they can identify a phishing email, and follow basic security measures such as regularly changing passwords and adopting security policies.

Installing security software is vital to keep your data secure. Even after you have trained your staff, there is still the chance they may fall for a phishing email. Installing anti-malware software will help protect your organisation from malware that may be contained in these types of email.

Evaluate your cyber security posture

Gain a high-level evaluation of your organisation’s cyber security posture and a documented summary of recommendations for improvements with the Cyber Security Audit.

 


SANS Security East 2018


General Cybersecurity Conference

January 8, 2018 | New Orleans, Louisiana, United States

Cybersecurity Conference Description

Kick start the new year with our first live training event of 2018! Please join us in New Orleans for SANS Security East 2018 (Jan 8-13), and experience exceptional cyber security training designed to help you advance your career. SANS’ training is unrivaled in the industry, and our passionate instructors are leading industry experts and practitioners. Their practical expertise adds value to the training material, ensuring you will be able to apply what you learn the day you return to work. Choose from more than 20 information security courses taught by world-class instructors, and laissez les bons temps rouler!
