Information Security Engineer

Overview

The Information Security Engineer is responsible for protecting the organization's enterprise information systems, business applications, data assets and people by identifying and mitigating security risks. This role involves conducting comprehensive risk assessments, coordinating with SBU POC leads regarding incident response and remediation efforts, administering security tools, monitoring networks for security breaches, and ensuring compliance with regulations such as DPA of 2012 and ALI Group company policies. Roles maintains functional accountability to ALI Group Information Security Officer while maintaining an administrative reporting line to the ALH IT Director.

Security Monitoring and Incident Response

• Monitor the organization\'s data, IT infrastructure, and systems for security breaches and investigate violations
• Lead the incident response to potential security incidents by providing detailed analysis, collaborating with cybersecurity incident response teams, and recommending remediation actions
• Conduct root cause analysis and prepare comprehensive incident reports

Vulnerability Management

• Perform regular vulnerability assessments and penetration testing to identify security gaps
• Collaborate with IT teams to remediate identified vulnerabilities
• Track and report on the status of vulnerabilities and remediation efforts

Security Policies and Procedures

• Work with the ALI Group Information Security Officer and CIO on the implementation of security policies, procedures, and guidelines
• Ensure the implementation of policies and procedures are aligned with business objectives
• Ensure compliance with relevant standards and regulatory requirements
• Conduct regular reviews and updates of security policies for relevance to ALH business

Security Awareness and Training

• Develop and deliver security awareness training programs for employees
• Promote a culture of security awareness within the organization
• Provide guidance and training on security best practices

Compliance and Risk Management

• Ensure compliance with relevant laws, regulations, and industry standards (e.g., DPA 2012, GDPR, PCI-DSS)
• Conduct risk assessments and provide recommendations to mitigate identified risks
• Maintain documentation for compliance audits and assessments

Collaboration and Communication

• Work closely with IT and other business units to ensure security measures are integrated into all aspects of the organization\'s operations
• Communicate security issues and recommendations to senior management and stakeholders

Security Management and Implementation

• Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization\'s data, systems, and networks
• Ensure that the organization\'s data and infrastructure are protected by enabling the appropriate security controls

• Bachelor’s degree in computer science, Information Technology, Engineering, Cybersecurity, or a related field
• Relevant certifications (e.g., CompTIA Security+, CEH, CIS, ISACA certifications) are a plus
• 5-7 years of experience in information security or a related field
• Proficiency with security tools and technologies such as firewalls, IDS/IPS, SIEM, and antivirus software
• Good understanding of risk management framework, methodologies and mitigation strategies
• Good appreciation and knowledge of network security, application security, and data privacy & protection principles; strong analytical and problem-solving skills
• Good appreciation and understanding of the security triad – CIA (Confidentiality, Integrity and Availability)
• Ability to learn quickly and adapt to new technologies and processes
• Detail-oriented with a proactive approach to identifying and addressing security risks
• Ability to coordinate with different business units and stakeholders for incident response and remediation efforts

• Associate

• Full-time

• Information Technology

• Hospitality