CaridianBCT is a global leader in the blood bank and transfusion medicine industry, investing in research and development focused on enhancing blood quality, safety and supply. It provides technology, products and services to blood centers, hospitals, and scientific, clinical and biotech researchers.
Driven by its vision, For Better Blood and Better Lives, CaridianBCT’s mission is to improve lives through innovation, quality and services delivered by our people, products and processes in blood component technologies.
It is the largest medical device manufacturer headquartered in Colorado. Based in Lakewood, Colorado (just west of Denver), CaridianBCT employs approximately 2,200 people in 32 countries and has sales in more than 96 countries.
Learn more about the company on its website at www.caridianbct.com
Job Summary
Work independently to apply business insight and technical expertise within the area of information security for electronic and non-electronic means of storing, accessing, and exchanging information. Participate in a highly collaborative and diverse environment working closely with partners throughout the company and with the information-security professional community of practice.
Essential Duties and Responsibilities
Perform analyses to assess potential and actual risks, threats, and vulnerabilities that pertain to the protections of company a) information that is proprietary, confidential and/or otherwise requires protection from unauthorized access, and b) electronic devices upon which the company or its employees rely, for business purposes, to be free from compromise in availability, reliability and security.
Contribute to the definition of corporate policies to protect company information and electronic devices.
Identify and implement solutions and related measures to protect corporate information and electronic devises, including use of techniques such as business practices, electronic controls, compliance monitoring, and enforcement. Scope includes internal assets and information, perimeter controls, and confidential information that resides outside of the corporate perimeter.
Assess individual devices (servers, workstations, PDAs, smart phones, network devices, etc), departments, and network segments for security risks and standards compliance.
Detect, identify and respond to the data security breaches.
Review and inform company stakeholders on compliance with security and privacy related laws, regulations and industry standards and practices in place and pending.
Develop and maintain role-based access controls (RBAC).
Understand and develop procedures to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information.
Work with computer user department and development staffs to request programming changes. Plan data security for new or modified software, accommodating issues such as employee data access needs and risk of data loss or disclosure.
Review and audit unusual requests for computer access and/or account changes.
Conduct security training for ITS by agreed upon date(s).
Prepare data-use records for administration.
Answer questions about computer security from internal and external (e.g., auditors) sources.
Construct quality work plans and deliverables from minimal definitions and work on multiple assignments simultaneously.
Outline valid deliverables and execute to meet the communicated dates.
Establish and maintain change and project management to support transition processes.
Minimum Qualification Requirements
Education:
College degree in Computer Science, Information Technology, or Business
Experience:
Minimum of five to seven years with progressively more responsible duties in the full life cycle and broad spectrum of information security.
Two to five years of experience in information security planning, design, product selection and implementation, testing, documentation, and auditing, including implementation and verification of security software and patches.
Three to five years of experience with VPNs, firewalls, two-factor authentication, proxy servers and related perimeter-protection techniques and technologies.
Two years of experience in protecting electronic end points other than personal workstations.
In-depth knowledge of security standards and experience in their implementation.
Experience with the architecture associated with identity management.
Experience with the implementation of encryption.
Experience in building scripts to run as pre-scripts and post-scripts on agent platforms, including process flow, script composition, return codes, and accessing user and system fields.
Skills:
Advanced knowledge of the techniques used to cause, detect and prevent or remediate security problems and end-user devices, computers and network systems.
Demonstrated skill in performing post-incident computer forensics without destruction of critical data.
Sufficient technical expertise to recognize the applicability of emerging technologies to CaridianBCT’s business needs and to direct evaluations, cost/benefit analyses, and implementations of new technology.
Knowledge of the business functions supported.
Demonstrated effective oral and written communication skills with the ability to communicate technical information to non-technical personnel.
Ability to design, implement, operate and maintain technical solutions to information security-related problems.
Advanced knowledge of business protection systems and technology associated with information security.
Advanced knowledge of information security best practices and regulations.
Ability to install and configure security software in computer networks.
Certificates, Licenses, Registrations:
CISSP and CEH certifications are required.
Equipment:
Working knowledge of AIX and Windows operating systems, Oracle and SQL Server DBMS, network architectures including a solid understanding of multiple protocols, anti-virus and intrusion-detection and prevention equipment and software, voice and data communications.
ADDITIONAL INFORMATION
The work environment characteristics and physical demands described are representative of those an employee encounters and must be met while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is occasionally exposed to work near moving mechanical parts and fumes associated with the manufacturing process. The noise level in the work environment is usually moderate.
The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include Close vision and Ability to adjust focus. While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is frequently required to stand; walk; use hands to finger, handle, or feel and reach with hands and arms. The employee is occasionally required to climb or balance; stoop, kneel, crouch, or crawl.
We are proud to be an Equal Opportunity Affirmative Action Employer. We maintain a drug-free workplace and perform pre-employment substance abuse testing and background verification checks.
