Responsible for Information Security (InfoSec) globally including; restaurant InfoSec solutions, Content Management, Group Policies, Logging and all other security tools. This position is also responsible for all InfoSec documentation and leading all incident investigations.This position will perform both investigative and regulatory vulnerability and rogue system scans and analysis.
In addition to following Chipotle’s policies and procedures, principal accountabilities include, but are not limited to:
• Ensuring that systems sufficiently and consistently perform and fulfill current and future needs in a cost effective manner.
• Is consulted upon by Network Engineer for Firewall policies.
• Is responsible for compliance documentation scans and analysis as required by internal IT Governance and external authorities and regulatory bodies.
• Manages and is primarily responsible for the following InfoSec tools: Content Management solution, Host and Network IPS, Logging and event correlation/SIEM, Antivirus/Malware, File Integrity Monitoring, Vulnerability Scanning. Endpoint Encryption, Endpoint Application Whitelisting, Patching, Rogue host and network scanning.
• Fulfilling 3rd level escalation for Security issues and Incidents. Responsible for Incident Response and all related documentation.
• Ensuring smooth implementation of new security applications and changes to the systems through sound testing procedures, capacity planning and impact analyses.
• Creating, maintaining, documenting and communicating security policies and procedures for corporate, restaurant and mobile systems.
• Keeping up-to-date on trends and technological innovations to keep all systems current and as cost effective as possible. Regularly checks InfoSec websites for information on outbreaks and new attack vectors.
• B.A./B.S. in related field or an equivalent in education and experience
• Security +
• CISSP Preferred
• Knowledge of and the ability to use a PC as well as Microsoft Office Suite
• Knowledge of and the ability to use Microsoft Windows OSs, Active Directory Services, Basic Linux, Basic Cisco commands, network protocols; LANs, WANs, and related security protocols.
• Knowledge of Network and Host security components, Monitoring and operations. Ability to use the various tools listed above to perform scans, tests and incident response and event correlation.
• Ability to investigate and report on anomalies and incidents to their logical and truthful conclusion.
• Solid testing knowledge and demonstrated ability to perform and analyze results in a complex networking environment
• Excellent written and verbal communication skills
• Ability to multi-task, and serve as a project lead or team player in a fast-paced environment with the ability to jump in and help out in areas outside of expertise if necessary
• Ability to manage priorities and projects
• Four (4) years experience working with hardware and software
• Project management experience preferred