Senior Information Security Administrator

Job Summary:

The Information Security Administrator is responsible for administering and enhancing the Information Security Program within Giesecke & Devrient America (GDAI), ensuring compliance with PCI DSS, NASPO, SOC 2, ISO 27001, and other relevant regulatory frameworks. This role includes ongoing certification management, risk assessment, policy enforcement, and governance oversight to maintain compliance and security best practices. The incumbent will act as a subject matter expert (SME) in data security, advising and collaborating with various departments on IT security processes, documentation, and risk mitigation strategies.

Key Responsibilities:

Security and Compliance:

• Administer and enhance GDAI's Information Security Management System (ISMS) with a primary focus on ISO 27001, PCI DSS, NASPO, SOC 2, and related compliance frameworks.
• Ensure security controls are effective, documented, and aligned with regulatory and industry standards for ongoing audits and certifications.
• Maintain and update security policies, procedures, and governance frameworks in accordance with evolving risk landscapes and compliance requirements.
• Conduct internal security assessments, gap analyses, and external audits to ensure compliance with PCI DSS, NASPO, SOC 2, and ISO 27001.
• Serve as the primary liaison with auditors, regulators, and certification bodies for security compliance matters.
  
  
  

Cryptographic Key Management:

• Oversee and manage the Cryptographic Key Management Program, ensuring adherence to industry best practices for key generation, exchange, storage, usage, rotation, and documentation.
• Maintain and support Public Key Infrastructure (PKI), symmetric/asymmetric key systems, and cryptographic protocols
  
  
  

Risk Management & Incident Response:

• Develop and enforce risk-based security measures, conducting risk assessments to identify vulnerabilities and threats.
• Ensure a proactive security posture by continuously monitoring and mitigating emerging threats to IT infrastructure and applications.
• Lead incident response efforts, investigating security breaches, determining root causes, and implementing corrective actions.
• Track and report on security incidents, ensuring remediation and compliance with breach notification requirements.
  
  
  

Security Awareness & Training:

• Develop and manage a Security Awareness Training Program to educate employees on best practices, policies, and compliance requirements.
• Foster a security-first culture by promoting proactive risk management and secure operational practices.
  
  
  

IT Security Operations & System Oversight:

• Maintain, monitor, and audit security configurations, including firewall rules, intrusion detection systems, VPNs, and endpoint security solutions.
• Ensure the integrity and security of information security appliances, software, and security-related configurations.
• Support vulnerability management efforts, assisting in remediation planning and execution.
• Work with IT teams to implement and enforce network segmentation, secure access controls, and encryption standards.
  
  
  

Job Requirements:

Education & Certification:

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field.
• CISSP, CISA, CISM, PCI ISA, or similar security certification preferred.
  
  
  

Technical Expertise:

• 5 years of IT/Information Security experience, preferably in a financial services, manufacturing, or high-security environment.
• Strong understanding of security frameworks: ISO 27001, PCI DSS, NASPO, SOC 2, ITIL, COBIT.
• Experience with firewalls, intrusion detection systems, SIEM tools, endpoint security solutions, and encryption technologies.
• Solid knowledge of cryptographic key management, PKI, and security controls.
• Proficiency in MS Office, Visio, TCP/IP, vulnerability scanners (e.g., Nmap), and security analysis tools.
  
  
  

Analytical & Problem-Solving Skills:

• Ability to identify, assess, and remediate security vulnerabilities effectively.
• Strong analytical skills to develop security strategies and defend technical recommendations.
  
  
  

Other:

• Ability to communicate complex security concepts to both technical and non-technical audiences.
• Capable of working independently and collaboratively with cross-functional teams.
• Strong ability to balance security priorities with business operations.
  
  
  

Other Requirements:

• Must be available 24x7 for security emergencies or critical escalations.
• Ability to participate in industry forums and contribute to continuous security improvement initiatives.