Description
Summary/Objective
The Senior Information Security Engineer III role leads the identification, analysis, and management of security-related risks across the organization. This role will conduct risk assessments and security architecture reviews on new products and processes; lead any analysis and prioritization efforts to improve incident management and cyber security; ensure consistent and robust security risk management practices are being followed based on the defined framework and methodology; develop security-related risk strategies, programs, policies and processes; assess Cyber Operations (incident management, threat intelligence, forensic analysis, etc.); conduct Compliance Assessments (PCI, GLBA, HIPAA, etc.); and mentor junior-level analysts.
Essential Functions
- Responsible for developing integrations between enterprise identity management and target systems
- Investigates and implements process and performance enhancements to existing code base
- Works with Identity Management architect to design new integrations
- Develops and executes functional test scripts
- Generates work estimates for use in project planning activities
- Supports application change process
- Report on development activity status to senior team members
- Provide application usage guidance for L1 support staff
- Submit, update, and track support requests with software vendors
- Follow project management and SDLC disciplines to ensure structured and effective implementations
- The preferred candidate would be current in the latest development technologies including Java & J2EE, Active Directory, Web application server implementation/deployments, LDAP, and Identity Management with a history of hands-on development skills in these areas.
Other Duties and Responsibilities:
- Design and Implementation
- Design, develop, and test custom implementations
- Investigate vendor-provided connectors for future integrations
- Create, maintain, and execute test plans for new and modified components
- Participate in code and configuration review processes
- Provide development guidance to junior team members
- Follow SDLC process and team best practices in all activities
- Maintain up-to-date knowledge of all internal best development practices as they relate to IT Security.
- Work with internal/external developers as required to make sure they follow and implement IT security best practices.
- Develop code as needed to support IT security-based applications using the IT security application tools.
- Operational Support/Management
- Support all audit, SSAE16 and other related data inquiries.
- Maintain training materials for system users
- Investigate issues reported by L1 support and provide remediation guidance
- Support change process to migrate updates to Production
- Handle on-call support for identity management systems as required.
Qualifications
- Bachelor's degree in Management Information Systems (MIS), Computer Science or related field
- 7+ years of Information Security or IT audit experience
- In-depth knowledge of intrusion detection/prevention systems and network architecture
- Knowledge of asset, configuration, and data security management best practices
- Knowledge of Cloud Security Methodologies and deployment approaches, and ability to engage in security discussions pertaining to Private/Public Cloud Providers, and IaaS, PaaS, and SaaS models
- Knowledge of threat vector analysis, modeling, and attack trees in designing cyber security controls
- Experience in, or knowledge of, audit and assessment of third-party providers, including onsite assessment, SOC reviews, and reviews of BITS SIG or Cloud Security Alliance (CSA) documentation
Preferred Qualifications
- Experience in information security technologies such as firewalls, intrusion detection systems (IDS), Identity Access Management (IAM), anti-malware and SIEM technologies
- Knowledge of Network and TCP/UDP architecture
- Strong written and verbal communication skills, ability to effectively communicate across all levels of the Company and attention to detail
- Prior experience in a compliance and regulatory environment related to security and privacy, including security compliance standards across industries such as GLBA, PCI, ISO 27001, HIPAA, SOC, SOX
- Certifications: CISSP or CISA preferred.
Work Environment and Physical Demands - This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Position Type/Expected Hours of Work - This is a full-time position with a work schedule of Monday-Friday with some schedule variations of weekday, weekend, and sometimes monthly on-call duties as needed.
Travel - This position will require up to 5% local travel.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
EEO Statement
ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
California Privacy Notice
As an employer of California residents, we are dedicated to protecting your privacy rights. Any personal information you provide during the application process will be used solely for permitted internal purposes and will be handled in accordance with applicable privacy laws. By applying to this position, you consent to the collection, use, and disclosure of your personal information as described in our Employee Privacy Notice.