The Global Security and Privacy (GSAP) team is responsible for developing, implementing, and administering Catalina’s global security and privacy compliance program. With security, risk and privacy concerns so prevalent, Catalina’s GSAP organization’s mission is to protect Catalina’s brand by identifying and reducing risk across the enterprise to improve levels of privacy, cybersecurity, and resilience. GSAP will identify risks, recommend solutions, and handle investigations, breaches, and incidents to ensure Catalina has a trusted and private environment that provides Catalina and Catalina clients the freedom to innovate, grow, pursue strategic goals, and to do business anywhere and anytime.
This position will report to the Manager, Security Architecture/Engineering. The role is mainly focused to address Catalina cloud infrastructure and applications as well as support security operation functions. The successful candidate will join a team of highly qualified individuals who collaborate and support each other. The candidate will have the opportunity to grow their knowledge in security but in privacy as well.
- Build, test, and implement information security technologies, including infrastructure and supporting applications related to data protection, network security, and end-point security i.e. NSG’s, VPN’s
- Manage complex projects through both pre-production and implementation phases by collaborating with internal teams, infrastructure management, and business groups
- Under general supervision, be responsible for creating security solutions to prevent internal or external attacks or attempts to compromise Catalina’s email, data, cloud and web-based systems.
- Perform investigations and researches attempted or successful efforts to compromise systems security and designs countermeasures as necessary.
- Evaluate, configure, review/analyze, and support security tools (Qualys, Rapid7, Blackduck, Veracode,etc.)
- Conduct security assessments to identify risks and make recommendations to mitigate those risks
- Identify and make recommendations to configure and optimize server and desktop operating systems and enterprise patch management systems
- Implement controls and configurations aligned with security policies and legal, regulatory and audit requirements
- Participate in root cause analysis of critical events for improving preventative and reactive processes
- Work with other business areas to explain security concepts, make recommendations, and help drive security initiatives
- Support, and enhance security operation processes to include but not limited to
- Vulnerability Management
- Incident Response
- Privilege access
- Managed Security Service Processes
- Privileged Access
- Email, Web Browsing and other endpoint protections
- Provide support as needed to assist Security Architect and Security Analyst
- 3+ years of experience designing, administering, and/or maintaining the security of cloud environments such as MS Azure, AWS, Google Cloud
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and SANS Top 25
- Experience with data security requirements in the cloud aligned with FISMA, CJIS, HIPAA, NIST, GDPR or other rigorous security compliance standards
- Self-motivated, well-organized, able to communicate and collaborate with teams of various competencies, and able to meet aggressive deadlines
- Extensive hands-on experience with security design and build out of cloud environments
- Ability to demonstrate several key security practices in access control, application security, network security, security architecture, and security strategy
- Experience with cloud architecture and components including compute, storage, and networking as well as scripting experience (tools, process, methods, troubleshooting) and deployment concepts such as continuous integration
- Implementation experience with enterprise security solutions such as WAF, IDS/IPS, Anti-DDOS, DLP, and SIEM, and NextGen FW.
- Network and web protocols and packet analysis tools
- Experience in all stages of Incident Response
- Cyber risk analysis (threat assessments)
- Experience working with, and influencing, business leaders in promotion of consistent practices and policy
- Strong ability to communicate the importance of privacy by design as a business differentiator and core value, beyond legal compliance
- Bachelor’s or master’s in computer science or related field, depending on position level
- Cloud and security industry certifications such as AWS and Azure, CISSP, CCSP, and others as applicable
- Must be able to speak, read, and write English; effective verbal and written communication and skills
- Education: BA degree preferred but may be substituted with experience
- Certifications: CISSP, CISM, CEH, or any relevant security certification preferred
- Minimum years of experience: 3 years
- Some travel may be required.
Catalina is a recognized leader in highly targeted, personalized digital media that drives, tracks and measures sales lift for leading CPG retailers and brands. Powered by the most extensive shopper database in the world, Catalina's mobile, online and in-store networks personalize the consumer's path to purchase, delivering $7.9 billion in relevant consumer value each year. Catalina has no higher priority than ensuring the privacy and security of the data entrusted to us and maintaining the consumer trust paramount to the continued success of our business partners and Catalina. Based in St. Petersburg, FL, Catalina has operations in the United States, Europe and Japan. To learn more, please visit www.catalina.com or follow us on Twitter @Catalina.
The intent of this job description is to describe the major duties and responsibilities performed by incumbents of this job. Incumbents may be required to perform other job-related tasks other than those specifically included in this description.
All duties and responsibilities are essential job functions and requirements and are subjected to possible modification to reasonably accommodate individuals with disabilities.
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace.