SP + Job - 31025156 | CareerArc
  Search for More Jobs
Get alerts for jobs like this Get jobs like this tweeted to you
Company: SP +
Location: Chicago, IL
Career Level: Associate
Industries: Construction, Housing, Real Estate




The Information Security Administrator will provide daily support for management of security administration and help to ensure the confidentiality, integrity and availability of SP+' information assets, with an overall focus on ensuring secure operations of corporate computer systems, servers, applications and network connections. We are currently seeking qualified candidates with a focus on Compliance Administration (PCI, SOX, FACTA), the Administrator role will support IT security initiatives and compliance through monitoring, analyzing, auditing and managing security related components of the corporate and field IT environment. The Information Security Administrator's role will also focus on the creation and/or maintenance of policies, standards, baselines, guidelines and procedures, as well as conducting vulnerability audits and risk assessments. This position also includes developing, planning and managing any required remediation efforts brought about by detailed security assessments conducted by the Information Security team.



  • Facilitate compliance with government and regulatory requirements such as Payment Card Industry-Data Security Standards (PCI-DSS), Fair and Accurate Credit Transactions Act (FACTA), and Sarbanes-Oxley (SOX)
  • Perform periodic audits to sustain compliance with internal security policy and remediation of compliance gaps as identified in security related testing procedures
  • Monitor user access controls, manage changes to ensure that access control rights are appropriate to business needs and terminate network and application access as appropriate
  • Ensure that all security risks identified through security assessments are managed and communicated clearly and effectively to IT and Business Unit Management
  • Develop, implement, operate and maintain in-house software security tools – to include anti-virus (AV), intrusion detection/prevention (IDS/IPS), file integrity monitoring, change management, privileged access, vulnerability & patch management – develop recommendations to keep or expand the current information security tool set
  • Use existing information security tool sets to monitor networks and their components (firewalls, routers, access points, computers, servers) for security related events and/or vulnerabilities the could expose the organization to excessive risk
  • Run monitoring software on storage, application and network drive environment, to locate data that should not be stored in those systems or data that can be stored and is not sufficiently secured
  • Participate in all phases of the risk assessment process from categorization to monitoring – provide detailed analysis of recommendations needed for the organization to reduce level of overall risk and exposure
  • Maintain the risk register for the organization and use these findings to drive process improvement across the information security landscape
  • Perform audit processes as required for SOX, PCI and other compliance standards as appropriate based on defined security controls in place within SP+
  • Assist in ensuring that the company's employees appreciate the benefits of security to the organization by contributing to the Information Security Training & Awareness program



In addition to the qualifications listed below, the candidate must have excellent communication skills (written and verbal), project planning and prioritization skills. Must be self-motivated and detail-oriented with a strong sense of urgency, and be a creative problem solver.

Required Experience

  • 2-3 years of experience in an Information Security Department
  • 2 + years direct hands on experience with security systems tool sets such as anti-virus, firewall configurations, intrusion detection, log detection/inspection, vulnerability management, patch management, identity & access management, privileged access management
  • 2 years of administration, implementation and troubleshooting skills encompassing baseline security control framework
  • Experience in creating security baselines / authorship of information security policies, procedures, standards and baselines
  • Experience in a regulatory or audit position focusing on PCI and SOX compliance for at least a year, using a risk-based approach would be advantageous, as well as experience with security hardening and creating security baselines for network equipment , servers, applications
  • Experience with standards such as ISO 27001/27002, NIST, COBIT, or other security frameworks

Education and Certifications

  • Bachelor's Degree, preferably in computer sciences, information systems or relevant experience
  • Preferred certifications: CompTIA, Security+, Certified Information Security Auditor (CISA)
  • Desired certifications: Amazon Security Engineer, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Payment Card Industry Professional (PCIP), Payment Card Industry Internal Security Assessor (PCI ISA)

Other Qualifications/Competencies

  • Strong analytical and problem solving skills for resolving security issues
  • Good organizational, project planning and prioritization skills to balance work and projects
  • Good interpersonal skills to interact with customers, team members and support personnel, as well as excellent written and verb al communication skills
  • Strong skills implementing and assessing the security posture of an organization based on company defined security controls and baselines
  • Ability to work in a team environment

SP+ is an equal opportunity employer committed in policy and practice to recruit, hire, train, and promote, in all job classifications, without regard to race, color, religion, sex, age, national origin, citizenship status, marital status, sexual orientation, veteran status, disability or other classes protected by federal or state law. SP+ does not tolerate harassment of or retaliation against any employee or applicant on the basis of these characteristics, or because the individual exercised his or her EEO rights.

 Apply on company website