2014-03-07

**Information Services Consultant—Dallas, TX—Contract Opportunity**

Did you know that CompuCom’s employee benefits start on the first day of employment? Join **CompuCom** and enjoy our generous, DayOne Benefits(SM)!

We are seeking a Sr. Information Services Consultant with a strong focus on cost-effectively meeting the Information Security needs of CompuCom internally as well as CompuCom business units and, through them, our clients, assist in the management of enterprise security architecture as well as provide technical support and advice on a wide variety of information security responsibilities, issues and problems.

This includes Audit, Compliance, Incident Response, Vulnerability Management, Risk Assessment, Documentation, User Awareness and being a Subject Matter Expert in these and other areas related to Information Security. Perform forensic investigations as may be needed by and at the direction of the CompuCom Legal team. Lead and/or work on teams and task forces throughout CompuCom to assist with the improvement of security of information systems, processes and procedures as well as to ensure compliance with all established policies, standards and regulations relevant to CompuCom and our clients.

**Position Details**:

**Audit, Compliance and Risk**

* Using AT101, AT601, AT801 and the PCI-DSS as guidelines, develop and execute audit test plans of the control environment for services CompuCom delivers to its clients in order to determine whether the controls and processes are both properly designed and operating effectively. Coordinate activities with external auditors to ensure audits are performed efficiently and in a timely manner;
* Lead, coordinate and/or drive remediation activities in order to correct deficiencies or reduce to an acceptable level via compensating controls any risk that may identified as a result of an audit;
* Assist with client proposals, including the review of and proposed changes to RFPs and MSAs to minimize risk to CompuCom;
* Participate in the review of information security Waiver Requests, working with the requestor to find alternative solutions that could minimize the risk to CompuCom while meeting the needs of the business;
* Assess applications developed in-house or purchased from vendors as well as those services obtained from third parties to ensure they include adequate controls.

**Incident Response**

* Lead and/or participate in incident response activities as directed and as outlined in CompuCom’s Security Incident Response Policy and Procedure;
* Review and update the corporate incident response documentation, process and procedures to ensure continuous improvement.

**Security Vulnerability Management**

* Monitor for vulnerabilities relevant to the CompuCom IT Environment;
* Organize and conduct monthly Security Vulnerability Management Meetings;
* Participate in the Security Vulnerability Management process, offering advice and recommendations in order to ensure risk from vulnerabilities is kept to a minimum.

**Vulnerability Scanning**

* In conjunction with the Security Vulnerability Management process, coordinate and schedule scans of CompuCom’s internal address space and applications for vulnerabilities using approved tools;
* Ensure that approved scanning tools have at least the minimum level of access needed to identify vulnerabilities that may exist for the device environment;
* Ensure that approved scanning tools are configured to perform all necessary tests in order to have an accurate and complete risk profile for the devices while at the same time not performing tests without prior approval that are known to have the potential to introduce instability or compromise a system, for example DoS attacks;
* Generate and publish reports of vulnerabilities; using these reports, assess level of compliance with the Security Vulnerability Management process;
* Assist infrastructure and application owners to understand vulnerabilities discovered and plan remediation.

**Forensic Investigations**

* At the direction of the CompuCom Legal team, perform forensic investigations using approved tools.

**Information Security Documentation**

* Working with team members and business unit representatives, develop and publish information security policies, processes and procedures that support compliance with industry standards and regulations relevant to CompuCom and that otherwise reflect information security best practices;
* Update existing information security policies, processes and procedures to ensure the policies remain current with industry standards and regulations;
* Review security related documentation produced by other teams for accuracy and completeness; where appropriate, assist with identifying the security requirements.

**User Awareness**

* Working with other team members and business unit representatives, develop user awareness programs and initiatives as it relates to Information Security. Where needed, provide specialized security training or assist in identifying and assessing sources of training outside of CompuCom;
* Perform analyses of CompuCom Security User Awareness training in order to gauge utilization and effectiveness; make recommendations to improve training;
* Develop innovative ways to communicate Information Security standards and best practices to end users and business leaders.

**Subject Matter Expert**

* Keep abreast of security, compliance and privacy standards, laws and regulations that are relevant to CompuCom;
* Develop proposals on how new and existing standards and technologies could be used to reduce risk to CompuCom and/or improve the competitive position of CompuCom;
* Communicate Information Security knowledge to internal as well as external parties.

**Other**

* Participate in the Change Management process and weekly meetings;
* Active participation in Project Management for any project that may require such a formal approach;
* Mentoring less experienced team members;
* Perform additional duties as may be deemed necessary by CompuCom management.

**Qualifications:**

* Bachelor’s Degree in Information Systems or the equivalent in the form of proven experience
* CISA Certification
* CISSP Certification
* PCI QSA
* Excellent understanding of Information Security controls as well as experience achieving compliance using and/or with standards and regulations such as ISO27001, PCI-DSS and SOx
* Proven ability to plan, create and implement audit test plans to both perform internal testing of controls as well as to support external audits conducted in accordance with SSAE16, AT101, AT601, AT801 and the PCI-DSS
* Proven ability to develop, create and implement processes that may be complex and/or cross team and organizational boundaries
* Proven ability to create and maintain effective documentation, including policies, processes and procedures
* Excellent understanding of Information Security technologies
* 10 years of proven experience with Information Security in medium to large organizations
* Proven Project Management experience
* Excellent organization skills
* Ability to prioritize workload in order to meet commitments
* Strong communications skills, both verbal and written, as well as the ability to communicate well with people in a variety of positions, roles and levels

With a strong focus on cost-effectively meeting the Information Security needs of CompuCom internally as well as CompuCom business units and, through them, our clients, assist in the management of enterprise security architecture as well as provide technical support and advice on a wide variety of information security responsibilities, issues and problems. This includes Audit, Compliance, Incident Response, Vulnerability Management, Risk Assessment, Documentation, User Awareness and being a Subject Matter Expert in these and other areas related to Information Security. Perform forensic investigations as may be needed by and at the direction of the CompuCom Legal team. Lead and/or work on teams and task forces throughout CompuCom to assist with the improvement of security of information systems, processes and procedures as well as to ensure compliance with all established policies, standards and regulations relevant to CompuCom and our clients.

*Location:* Dallas

*Type:* Contract

*Post Date:* Sat Mar 1 00:52:48 2014

*Ref:* BBBH71990

Show more