System Security Coordinator & Manager – IT Security Risk & Compliance- Parsippany

The Security Systems Coordinator is responsible for the administration & maintenance of all security related software applications. This will include, but is not limited to, application revisions, group & user management, database administration, coordination of software deployments & upgrades, as well as end user technical support. This position is also responsible for the configuration and documentation of all security network devices. The Security Systems Coordinator will partner with other business areas and user groups as needed for software deployments, upgrades, and service outages.

Security Applications & Database Administration and Maintenance

The administrative and maintenance duties include, but are not limited to the following:

• Group and User Policy Management
• Database support, information archiving and purging, back-up protection
• Coordination of upgrades and service outages
• Application revisions and enhancements
• Report Designing
• Liaise with the IT Department for security software deployments, upgrades, etc.

These applications include, but are not limited to the following:

• Asset Protection Information System (APIS)
• Card Access (ProWatch)
• Digital CCTV Recording / Remote Viewing (Loronix/Nextiva/PelcoNet)
• Visitor Management
• Visual Fusion
• Metal Scan
• Voice Recording
• Radio over IP
• Showcase Digital Locking
• KeyWatcher and Tour Pro Systems
• Security SharePoint Team Sites
• Workplace Status Website
• Department Intranet Site

Security Systems User Support

Responsible for ensuring user groups of the Security Systems are provided proper systems access for their business requirements. Provide technical guidance to end users and team members. Act as the primary technical support for systems with no outside vendor. Provide technical assistance and support to outside vendors to resolve failed equipment issues.

Security Network Administration

Responsible for configuration, documentation, and network monitoring of global security network subnets to ensure systems are joined to the Tiffany network successfully during installation, and provide accurate information for monitoring and troubleshooting of network response failures.

Security Systems Special Projects

Support special and/or unplanned projects, at management’s discretion, such as bulk system design changes, deployments, and end user testing of system implementations. Offer suggestions for process improvements and support extended and/or non-traditional business hours, as necessary, for service and system maintenance.

Required Qualifications:

• Advanced computer knowledge in the following areas (2+ Years):
• • Windows Operating Systems (Windows XP, Windows 7)
• • Microsoft Applications (Word, Excel, PowerPoint, Visio, FrontPage, Access)
• Technical understanding of database design and queries
• Must possess highly effective analytical and problem solving skills
• Strong understanding of network architecture, and group policy management
• Ability to execute software and hardware deployments
• Proficient technical understanding of physical security systems (2+ Years)
• Ability to work non-traditional business hours and overtime, as necessary
• Excellent time management skills, detail oriented, and the capacity to handle shifting priorities with minimal supervision
• Highly effective communication skills, both verbal & written
• Ability to interact with individuals in various levels throughout the organization
• Well organized, self-motivated, with strong interpersonal skills

Preferred Qualifications:

• Advanced knowledge in SQL 2005, SQL 2008, Server 2003, and Server 2008
• Four year college degree
• Technical or Security Industry certification such as PSP or CPP
• IT certifications/courses such as networking, database, etc.
• Knowledgeable in AutoCAD
• Website programming knowledge (HTML, ASP)

Tiffany & Co. is currently seeking a Manager – IT Security Risk & Compliance to develop and maintain risk management systems and processes. This role will identify and analyze areas of potential risk to information and infrastructure assets and provide guidance to business decision-makers with development of mitigation strategies. He/she will ensure that adequate and effective security processes and controls are followed and aligned to deliver compliance with security policy and regulatory requirements.

The Manager – IT Security Risk & Compliance will be responsible for implementing and maintaining the risk management process, including establishing standardized processes and procedures for risk assessment and risk treatment of mitigation. S/He will produce reports or presentations that outline findings, explain risk positions, or recommend changes and oversee analysis of current or proposed business operations to identify areas of potential loss or damage and quantify impact. The Manager will develop and implement the sustainable security compliance program, which includes all legal, privacy and regulatory requirements and conducts assessments to identify non-compliance. Additionally, this role will work with engineering leads and architects to develop tools and processes to review and report on compliance for security and privacy.

This position will provide guidance to business decision-makers on issues and development of risk mitigation strategies while developing and maintaining policies, processes and standards to reduce risk, minimizing business disruption and ensuring business continuity and disaster recovery. S/He will manage Information Security staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions. This position will establish and maintain regular written and in-person communications with the organization’s executives, department heads, and end users regarding pertinent IT activities.

To be qualified for this position you must have:

• Bachelor’s degree and 5 plus years related work experience or equivalent combination of education and experience.
• Strong technical knowledge in Risk Identification and mitigation.
• Strong technical knowledge of applicable regulatory requirements including Sarbanes-Oxley (SOX), and ideally the Payment Card Industry Data Security Standard (PCI-DSS), with general knowledge of applicable data privacy practices and laws.
• Proven, in-depth technical knowledge of Information Security principles and process and writing IT policy.
• Proven experience in a Governance, Risk & Compliance (GRC) framework.
• Background applying and assessing ISO/IEC 27000-series security controls.
• Strong leadership qualities, ability to harness the commitment & contribution of team members outside of direct span of control.
• Demonstrated understanding of project management principles.
• Demonstrated experience creating a sustainable compliance office.
• Excellent written and oral communication skills.
• Excellent interpersonal skills and customer service skills.
• Ability to conduct and direct research into risk/compliance issues and products as required.
• Ability to present ideas in business-friendly and user-friendly language.
• Fiscally responsible decision making with the ability to perform general mathematical calculations for the purpose of creating business cases and budgets.
• Highly self-motivated and directed.
• Attention to detail.
• Proven analytical, evaluative, and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Extensive experience working in a team-oriented, collaborative environment.
• Master of Business Administration in technology preferred.
• CISSP, ISA, CRISC preferred.