Details:

Job Summary and Mission

This job contributes to Starbucks success by providing business and technical advice on a wide variety of information security issues, concerns, and problems. Ensuring all business applications developed in-house or developed by outsiders, on behalf of Starbucks, include adequate control measures. Collaborating on committees and task forces throughout Starbucks. This job requires an in-house subject matter expert who diligently assists with the improvement of security on information systems at Starbucks. A visible internal spokesperson of the Information Security Department, charged with gaining widespread support of and compliance with information security requirements.

Models and acts in accordance with Starbucks guiding principles.

Summary of Key Responsibilities:

Responsibilities and essential job functions include but are not limited to the following:

- Provides in-depth technical advice for investigations of information security incidents including internal frauds, hacker break-ins, and system outages
- Assists with the documentation of information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place
- Participates on a Computer Security Incident Response Team (CSIRT) that responds to various security incidents such as denial of service attacks, virus infestations, and internal frauds
- Analyzes selected commercially-available information security products and services to determine which of these should be adopted by, or tested by Starbucks
- Provides users and management with technical support on matters related to information security such as the criteria to use when selecting information security products and answers a wide variety of questions about information security
- Acts as a technical information security reviewer of requirements statements, feasibility analyses, conceptual designs, and other documents produced during the systems development process
- Reviews proposals to significantly enhance or modify the configuration or functionality of intranets, firewalls, servers, applications, databases, and other important parts of the Starbucks information systems infrastructure
- Provides special technical guidance to the Information Technology Department staff about threats, risks and control measures associated with new and emerging information systems technologies
- Acts as a technical resource to users, user department management, and others within Starbucks who are seeking more information about information security
- Participates in, and acts as a technical leader in, periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications
- Reviews the cost-effectiveness and practicality of existing information security procedures and systems, and makes suggestions for the improvement of these same procedures and systems
- Develops detailed proposals and plans for new information security systems that would augment the capabilities of, or enable new capabilities for Starbucks networks or shared information systems
- Prepares and periodically updates draft information security policies, architectures, standards, and/or other technical requirement documents needed to advance information security at Starbucks
- Interprets information security policies, standards, and other requirements in light of specific internal information systems, and assists with the implementation of these and other information security requirements
- Assists with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements
- Conceives of and proposes new approaches that will allow greater standardization and more effective management of information security measures
- Provides technical advice to those who install, administer, and update computer-based access control systems
- Works with the Internal Legal Department and the Physical Security in the development of procedures which capture and securely preserve evidence of computer related crime and/or abuse, so that this evidence may later be used for legal or disciplinary purposes
- Assists with internal efforts to inventory and control intellectual property (including restricting unauthorized copying of software)
- Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that Starbucks is warned in advance and is ready to be fully compliant with these requirements
- Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources
- Participates as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments
- Reviews proposals for outsourcing business activities to determine whether the benefits that the vendor alleges are likely to be achieved, whether the vendor is in a position to adequately handle Starbucks business or if the controls would be compromised in the course of outsourcing the proposed activities