Job Summary
Serves as the subject matter expert supporting multiple disciplines of IT security including IT security risk management; handles development of policies/procedures ensuring that the company meets federal and state regulatory guidelines; maintains security log management and review; investigates incident response; manages the secure operation of the company’s computer systems, firewalls, servers, and network connections; oversees the enterprise antivirus and the management of end user accounts; recognizes areas of improvement within the environment, and balances those initiatives with organizational goals.
Principal Duties & Responsibilities
- Takes a lead role coordinating troubleshooting initiatives, installations, implementations, administration, and maintenance of the security of the computer systems in a multi-platform environment, such as mainframe and distribution including the design and operation of the company’s identity store
- Works with regulatory analysts, privacy, internal audit, and external auditors to determine applicability of risks, remediation, and correction; responds to audit questions and addresses regulatory issues
- Works as part of the development team to maintain the security and regulatory compliance of systems architected, built, installed, and used by the company
- Researches, analyzes, and recommends the implementation of software or hardware changes to rectify any infrastructure security deficiencies or to enhance security performance
- Manages and maintains security systems including firewalls, virus protection systems, Web filters, computer forensic systems, and network- and host-based intrusion detection and prevention systems
- Creates, audits, and reports the enforcement of policies, procedures and associated plans for system security administration, and user-system access as defined by company standards
- Contributes to the design and implementation of the disaster recovery plans for security of the company’s computer systems, databases, networks, servers, and software applications
- Contributes to the creation of user access guidelines and processes
- Oversees or conducts penetration testing of all systems in order to identify system vulnerabilities
- Designs, implements, and reports on security system activity, and performs end-user activity audits
- Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity, and makes recommendations based on those findings, or configures and maintains systems that perform this monitoring
- Recommends and classifies the severity of security fixes and patches, discovered vulnerabilities, disaster recovery procedures, and any other measures required in the event of a security breach
- Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts; tests new security software and/or technologies
- Ensures that planned testing activities are performed and technical criteria are met
- Monitors services provided by vendors to ensure that service levels meet requirements
- Analyzes infrastructure activity and problems to discover and prevent systematic errors; recommends network design changes/enhancements for improved systems availability and performance
- Investigates the adherence of associates, employees, vendors, and contractors to the appropriate section of the Aflac Information Security Policy and recommends appropriate sanctions for violation; performs and documents forensic investigations as part of personnel actions
- Plans and monitors the installation of distributed infrastructure systems
- Performs other related duties as required
Education & Experience Required
- Minimum Required: Bachelor's Degree in Computer Science, Information Security, Information Systems, Risk Management or related field
- Minimum Required: Five or more years of job related work experience
- Minimum Required: Working knowledge of information security policies, controls, and processes as well as infrastructure (networks, servers), databases, and Internet technologies
- Minimum Required: Working knowledge of information security related laws, regulations, and industry standards (e.g., FFIEC, GLBA, HIPAA, and PCI DSS). Ability to translate these requirements into enterprise wide regulatory compliance and risk management processes in support of the Information Security program
- Minimum Required: Experience in Financial Services or Insurance industry
Education & Experience Preferred
- Preferred: Certification CISSP or other IT security related certifications within a given field
Or an equivalent combination of education and experience.
Job Knowledge & Skills
- Networks (TCP/IP)
- Schematic Architecture Design
- Data Access and User Administration
- Data Security
- Development Requirements Definition
- Network Security
- Security Risk Management
- Server Hardware + O/S Management
- Systems Security and User Administration
- Systems Security Maintenance
- Systems Security Policies and Procedures
- Systems Security Testing and Auditing
- Information Security Technology
Competencies
- Acting with Integrity
- Communicating Effectively
- Pursuing Self-Development
- Serving Customers
- Supporting Change
- Supporting Organizational Goals
- Working with Diverse Populations
Working Conditions
The statements below describe the general nature and level of the work and are not an exhaustive list of all responsibilities, duties, and skills required.
Normal office environment (virtual or in-person)
Travel: ≤ 10%
