Mainframe Data Security Auditor
Basic knowledge of security and good security best practices
- 5+ years of experience in ACF2, RACF, or Top Secret. Experience/familiarity with multiple external security products a definite plus. Experience in using security product utilities (e.g., RACF IRRADU00, IRRDBU00, IRRUT200, etc.).
- Understand security exposures and how they are remediated. Familiarity with major auditable items under ACF2, RACF, and Top Secret.
- Provide mainframe audit consultation, training, and knowledge sharing to clients and internal associates.
- Ability to organize, clarify and identify environmental security status and potential remediation steps.
- Work across organizational boundaries to deliver a quality product to our clients (internal and external).
- Can architect complex systems and break up into logical components.
- Understands the financial implications of the decisions being made from a technology perspective.
- Provide customer support by preparing ad hoc reports and giving presentations.
- Regularly lead self and others and/or established as Product SME and/or established as specialist.
- Monitor the environment for adherence to security standards.
- Proficient at TSO, JCL, IBM UTILITIES, JES2, ISPF, SDSF and/or IOF, Utilities (IEBGENER, IEBCOPY, IDCAMS, etc.), SMF, FTP.
- Knowledge of basic z/OS Operating System concepts.
- REXX, DFSORT, FILEAID knowledge a plus. Ability to automate reporting and review the reports effectively and efficiently.
- Familiarity with SOC-1, SOC-2, SOX, PCI, ISO2700x audits. Awareness of requirements imposed by various compliance regulations such as HIPAA, FISMA, GDPR.
- iSeries security knowledge a plus.
- Experience with Microsoft tools—Word, Excel, Power Point, Project, Notepad, etc.
- Strong written and verbal communication skills.
- Persistently promote security best-practices.
- Able to work independently, be a self-starter, and be able to identify and implement process improvements.
- Able to effectively plan detailed audit-related project work, including projection of effort and hours.
- Able to organize work effectively, work on multiple projects concurrently, follow-up on open items, and bring closure to projects.
- Strong organizational skills with the ability to manage multiple concurrent project deliverables and the ability to work as a global team.
- Must show initiative and be self-motivated to achieve individual and team goals.
- Strong analytical skills and problem-solving skills.
- Comfortable with working in fast-paced, dynamic environment having multiple customers and mainframe environments. Includes high-volume new customer migrations requiring time sensitive knowledge acquisition with customers.
- Evaluate existing security environments, and remediate security exposures. This will likely include both existing and new customer environments, potentially becoming a stand-alone service offering.
- Work with technical and non-technical teams, including cross-training and knowledge transfer with other team members.
- CISSP, CISA, CISM or ITIL Certification a plus
- Bachelors or Masters Degree Preferred
Other mainframe security products a plus