SecurityRecruiter.com's Security Recruiter Blog

Tuesday, March 09, 2010

Global Critical Infrastructure, Nuclear Industry Security Jobs in our Pipeline

Late last week I share a significant conversation with a leader in a global security consulting firm. The reason this conversation was significant to me is that it is another discussion in an ongoing partnership dialogue that started with this company in Q4 2009 for SecurityRecruiter.com.

I can’t share too much about this confidential conversation but I do want to share that this partner does global high-level physical security consulting that includes enterprise risk management consulting, critical infrastructure security consulting and global nuclear industry security consulting.

What this means for SecurityRecruiter.com is that we hope to be moving in a direction with this partner that will bring nuclear industry security consulting opportunities to us and in turn to you on a global basis.

We anticipate having future critical infrastructure protection jobs in both the US and abroad. These roles will likely require high-level investigative physical security backgrounds that include experience in gathering intelligence around critical infrastructure security and energy industry security on a global basis. These roles will require the ability to gather intelligence as well as the ability to build physical security policies and procedures around nuclear industry requirements.

While I don’t have a timeline for when these searches may hit our desks at SecurityRecruiter.com, last week’s conversation represents a significant building block on the last discussion which took place in late December.

Critical Infrastructure Security Jobs, Nuclear Industry Secruity Jobs, Security Consulting Jobs, Security Recruiter Blog

Monday, March 08, 2010

Teamwork in Sports and Business

Hockey Begins
Just before Christmas (2009), I was talked into buying equipment to play hockey for the first time in my life. If I were a teenager, this would not be a big deal. However, taking on a sport like hockey for the first time above the age of 40 was and is a big deal.



Skating in Circles

I worked in an ice rink in college so I knew how to skate in a one direction circle. Let me tell you that my one direction skating experience did little to prepare me for playing hockey. Not to mention that I hadn’t been on skates with any consistency for many years.



Diving In
When I decide to do something new, I rarely dip a toe in the water. After buying all that equipment it seemed to me that in order to get return on my investment, I would need to play hockey more than one time per week.



The Journey Begins
Playing three times per week on three different teams was my answer. In the very first game of my new hockey career, I stepped onto the ice with a group of highly skilled intermediate players. The results were not pretty but I made it through the entire season with this team and very likely progressed more quickly than I would have if I hadn’t played with the highly skilled guys. In order to not have circles skated around me every time I stepped on the ice with this team, I had no choice but to be inquisitive and to learn the game quickly.



Simultaneously, I joined a novice hockey team. Though I had no idea what I was getting into and breaking into an established team from the outside is never fun, I just knew the novice experience would be easier on my body and my ego than the intermediate experience was. I was right.



Two teams weren’t enough. I found another novice league and ended up playing on Sunday nights, Tuesday nights and Thursday nights. The physical demands of such a schedule for a guy who has a daytime job were intense. Today, three months later, I’m so glad I went through the early pain because I’m really enjoying this game and the fitness benefits it is providing.



Sorry for the long story about how I got started but you needed to know that I’ve been the new guy in more ways than one on each of my teams.



The Intermediate Team
The intermediate team was a brand new team. While there were many talented players, this team failed to win a game. There was no coach and nobody to pull the weaker players aside (I was one) to give them pointers to shorten their learning curves. It was assumed that everybody knew how to play hockey and that teamwork would automatically occur. In many ways it did not.



The White Jersey Novice Team
My white jersey novice team was also brand new team. There is no coach. There is no team direction. Players frequently play out of position. Mostly because I don’t think they’ve ever been told how to play in position. Our lines don’t go onto the ice and come off the ice as a group. Individuals go in for individuals. As a center on a forward line, I constantly have different wings on my right and my left. There is no continuity. Some players on this team pass the puck, most however do not. There are several lone ranger players on this team who want to skate the puck from one net to the other to attempt to score. I say attempt because they rarely make it all the way to the opponent’s net and they very seldom score.



We’ve won one game but we’ve lost the other three very decisively. There isn’t a coach guiding the group as a team or working with players one-on-one to sharpen their individual skills or knowledge of the game. This team is frustrating to play on.



The Read Jersey Novice Team
My red jersey novice team has a coach. The coach determines who will play on each line we’ll put on the ice in any given game throughout the game. As players, we play with the same line all night long. The coach determines when a line needs to come off the ice and when a fresh line needs to go on the ice. The coach makes strategy adjustments throughout the game.



The coach gives pointers to the guys on the bench once he has seen what they do and don’t know while they’re on the ice. The coach objectively watches the action on the ice and the individual players who make up the team. The coach sizes up the other team and makes adjustments to our play based on what he sees that we can’t see when we’re on the ice and in the heat of competition.



This team wins with an average margin of 6-2 on any given Thursday night. This team has been my favorite team from the beginning. It really is a team.



My Hockey Experience Applies to Business
What does my hockey journey have to do with business you ask? Not much to the average person who has never played hockey but to me, my hockey journey has everything to do with business.



This current experience has taught and is continually teaching me how important it is to get the right players positioned to play the right positions and how important it is to have the right leader in place to lead the team.



The wrong players playing together on a team will not consistently produce positive accomplishments. A team that lacks a highly skilled leader will not consistently produce positive accomplishments. However, a team that is thoughtfully built and led by the right leader will produce positive outcomes far more frequently than it comes up short.

Security Recruiter Blog, SecurityRecruiter.com

Wednesday, March 03, 2010

Security Jobs: Information Security Jobs, Los Angeles and San Diego, CA

New Information Security Job Opportunites at SecurityRecruiter.com

In our SecurityRecruiter.com pipeline and soon to be written up are to similar information security jobs with brand name clients in both Los Angeles, CA and San Diego, CA.

Senior Security Engineer, Compliance, Monitoring, Fraud

The San Diego, CA security job is a Senior Security Engineer to work with security monitoring, security compliance and to build a fraud prevention and fraud detection program from the ground up. This client processes millions of dollars per year in on-line financial transactions.

The San Diego role will require a security professional who possesses deep UNIX / LINUX (Red Hat) background and a variety of other skills to include: PCI, EU Data Privacy, ISO 17799, ISO 27001, COBIT, Operating System Hardening, Firewalls, IDS, IPS, Patch Tools, Anti-Virus Tools, Encryption Tools, Data Leak Prevention (DLP), End Point Security Tools, Vulnerability Assessment skills, etc.

This role will accommodate relocation and will compensate in the $130,000+ range with potential of bonus.

Senior Information Security Manager, Monitoring and Fraud

This Los Angeles, CA security job is reserved for a highly polished information security manager who has maintained a very deep understanding of information security and fraud technologies. This security job represents the kind of difficult to fill search that lands on our desks at SecurityRecruiter.com.

A candidate’s business skills, verbal skills, written skills and people management are every bit as important as their technical infrastructure and information security skills. This person who takes on this role will be responsible for building a team of security engineers who will in turn build an on-line financial services fraud prevention and fraud detection system from scratch. This system will ultimately protect customer data as well as the brand, image and reputation of our client.

When Do These Jobs Arrive?

Both job descriptions are on my desk. Working out a contractual agreement with the San Diego organization will be easy as this is an established client. This contract could be signed in the next 24-48 hours.

The Los Angeles search is with a CISO whom I’ve known for several years. We’re working through contracts with the CISO’s HR group.

Security Recruiter Blog, Jeff Snyder, Fraud Monitoring Job, Fraud Prevention Job, Security Architect Job, Security Engineer Job, Security Manager Job

Tuesday, March 02, 2010

Security and Risk Management Consulting on the rise?

During a conversation with a prominent Enterprise Risk Management consultant yesterday, I learned that in the early part of 2009, his business lost a substantial amount of business as a result of projects being cancelled and as a result of his clients giving projects that were intended to be outsourced to internal employees to keep them employed.

Now, the ERM consultant sees the same companies that cancelled projects a year ago asking his firm to take on special projects that have been delayed but need to be addressed. In most cases, his clients do not have enough manpower on board due to (in his opinion) cutting too deeply into their full-time staff in 2009.

One are of growth the ERM consultant sees is in companies that need help to reposition security and enterprise risk management within their organization. They know what they need to do but they don’t know how to break down the silos that too frequently exist keeping departments from truly working together to achieve an enterprise risk management strategy.

This seasoned Enterprise Risk Management consultant’s perspective is that companies need to integrate people and processes in order to ultimately achieve an ERM strategy that delivers value.

Security Recruiter Blog

Thursday, February 25, 2010

Confessions of a Busy Resume Reader

Too Much Data

On a daily basis, my eyeballs look over 20+ resumes. Multiply the 20+ by 20 years and you get a big number. The size of the final number isn’t important but the point is that I see a significant number of resumes in any given week.

I don’t have time to read every resume that crosses my eyeballs so I’ll admit that before reading anyone’s resume, I scan. Call it a time management technique or call it a survival technique. I’m sure that I’m not the only person you’ll send a resume to who is overwhelmed with too much data.

I have a professional security resume writing business but that is not what this article is about. This intention of this article is to tell the resume sender how a busy resume reader actually reads a resume and how to make a resume scanner want to slow down to read your resume from top to bottom.

Make Your Resume Readable and Compelling

You’re probably thinking I’m going to tell you to load your resume with keywords, buzzwords and fluffy verbiage. If you’re thinking that way, you’re mostly wrong and partially right.

Resumes need to carry a significant number of keywords that relate to your specific skill set but don’t go overboard. Keywords alone don’t make a great resume.

Don’t load the top of your resume with fluff. Fluff is that material found in resumes that adds no value and simply makes it harder for the resume reader get to the meat. Resumes scanners don’t read fluff. They skip over the fluff and go straight to where they think accomplishments will be detailed.

Write your resume in an executive summary format that is easily readable and speaks clearly to your accomplishments.

Most Resumes Resemble a Job Description Turned Inside-Out

I didn’t come up with this idea but I do agree. Several years ago, a senior Human Resources executive client of mine pointed out that although I had delivered precisely to his expectations when he retained SecruityRecruiter.com to deliver on a Converged CSO role, but that every resume looked like a job description turned inside-out.

During a phone conversation, Mike began reading the bullets on the one of the resumes I presented. While he was happy with the candidate, I quickly learned that Mike looked at resumes through a microscope. This was the first time I’d delivered candidates to Mike.

He read a bullet and asked me if I though the bullet communicated any level of accomplishment. He read another bullet and asked the same question again. Mike was 100% correct in his assessment. While each bullet he read explained what the security job candidate was hired to do, none of the bullets explained what the security job candidate had actually done to earn their paycheck.

Later that day, I stopped and looked through Mike’s microscope (so to speak) at a dozen resumes owned by security professionals I believe to be some of the most talented security professionals in industry today.

Sure enough, Mike was right. Very seldom did even the best security job candidates deliver a resume that demonstrated accomplishments.

Paradigm Shift

I had been reading and frequently writing resumes for 18 years at the time when Mike opened my eyes. Mike’s detailed scrutiny of resumes caused me to change the way I look at resumes and the way I now write resumes.

Deliver Accomplishments in Your Resume

Every bullet in your resume should be a short story. In other words, stop thinking of a bullet as a short incomplete sentence. Instead, think of a bullet as a mini paragraph. The paragraph should display what you were hired to do, what you actually did and what value your work contributed to your employer.

Here is a bullet on a resume I recently received:

Established partnerships for alternative distribution channels
Could you envision a job description stating that in this role, you will establish partnerships for alternative distribution channels?

Turn this bullet into one that has a beginning, middle and an end. Turn it into a bullet that tells a story, a bullet that shows accomplishment and has meat to it.

Established partnerships tapping into alternative distribution channels. New distribution channels included IT service providers, information security professional services firms and industry trade associations. New partnerships generated $427,000 in additional bottom line revenue for 2009.
What Employers Seek In Security Job Candidates

Employers today are all challenged to get more work done through fewer people. This is true in the security profession and is true across the board in all facets of business.

Security professionals who can tie their activities to accomplishments that positively impacted the businesses ability to do business, rise above those who simply deliver to the job the job description they signed up for.

Write your resume in such a way as to tell the reader what you've accompished, what you've done to add to the bottom line of your employer, what you've done to mitigate risk and to make your current and past employers more secure because of your presence.

Don't hold back in delivering accomplishment in your resume because if you do, your resume may never crack open the door that leads to your next interview.

Jeff Snyder, Security Recruiter Blog

Tuesday, February 23, 2010

Integrity, Security, Risk go Hand-In-Hand….They do don’t they?

Cold and Flu Season

Someone recently asked why I haven’t been writing daily Monday through Friday blogs like I had been in recent months. The answer is complex but I’ll attempt to share it here.

I spent four hours in a car with someone on January 1, 2010. This person was sneezing, coughing and frequently blowing their nose. You probably already know where I’m headed. You can pretty much assume that I was sick in one way or another for all of January.

To this day, I’m still coughing. The moral of this story is pretty simple. Don’t ride in a car with the windows closed when your passenger is sneezing, coughing and blowing their nose.  This risk can be controlled to some extent.

Now For The Tough Part

The first  part of my story is pretty easy to understand. Here is where the story gets more challenging.

I’ve spent a significant amount of time in the early part of 2010 doing collections for the first time in my career.  I have a collections company in my Rolodex for the first time since starting my own business in 1994.

The daily thought process that comes from engaging in collections with unethical people is what I recall Zig Ziglar referring to as “Stinkin Thinkin”. It is a daily battle to focus on forward moving, positive business opportunities and to not get bogged down in “Stinkin Thinkin”. Some days I win this battle and some days I come up short.

Imagine if you’d delivered services to your employer and the employer randomly chose to not pay you for 1/3 of your year’s work. What would you do with such a situation?  I'm working through it for the first time so you'll have to wait until I have more experience with such matters before I'll share advice.
For the first time in two decades of recruiting, we have multiple clients who have consumed our security recruiting services but are now not paying according to the mutually agreed upon contract they signed before consuming our services.

The truth is that it is difficult to come up with forward-thinking, positive and educational blog topics when getting bogged down in dealing with white collar criminals and the things they do.

You think I’m being too harsh? Think again. Just over a week ago I learned that one of the clients who owes us money has been indicted for multiple counts of wire fraud connected to his previous software company.  He is in the security professional services business today.

In the AM hours of the day in which I read about the federal indictment, I told a recruiter friend that it seemed like I had been working with a number of white collar criminals who ought to be in prison. It puzzled me that they were providing security, risk and compliance services to other companies given the way they handle their business affairs.

An hour after our first conversation, this same recruiter friend called me back and asked if I had psychic skills. No, I certainly don’t but it sure seemed that way on that particular day.  He pointed me to the article mentioning the indictment 45 minutes after I told him I thought my client should be in jail.

So, in case you’re wondering who these white collar criminals are, they’re Founders, Presidents and CEOs of security consulting firms and security product companies.

No, not all Founders, Presidents and CEOs of these types of companies are doing shady business but I find it ironic that someone can sell security, risk management and compliance services to another company but then not pay their own bills according to the contracts they sign. Something is wrong with that picture don’t you think?

I know an indictment is not a conviction but I was only surprised for a brief moment when I found out that one of my clients had been indicted. My gut and personal experience working with this person told me that he should have already been invited to prison.

Looking Forward!

In recent weeks, we’ve been fortunate to pick up new security job searches in both the information security and physical security domains. We’re working with brand name companies whose security departments are led by people whom I believe by way of both personal experience and reputation to be upstanding, honest and ethical people.

My Promise To Security Job Candidates

The shady Founders, Presidents and CEOs will continue to surface in our universe but my word to every candidate we serve:
  • We’ll do everything in our power to only represent security job opportunities that are connected to law abiding, ethical and professional people.
  • We’ll represent the positions we have on our desks in a way that is open, transparent and straight-forward.
  • We'll call it like it is and won't candy coat anything. 
  • We’ll do our best to assist security professionals in making outstanding security career decisions, security training decisions, security education decisions and security certification decisions.
Your security professional peers have frequenlty commented on how we do business at SecurityRecruiter.com.  Consider what others have to say about our business practices rather than taking my word for it.  Security Recruiting Testimonials


Monday, February 22, 2010

Recruiting Application Security C++ Java Customer Acct Mgmt, Top Secret Clearance Full Scope Polly, Northern Virginia, Close to Mid $100s

Security Jobs: Northern VA, Appliction Security Job, Top Secret w/ Full Scope Poly

Technical Account Manager, Application Security, C, ++, Java


This role is a Technical Account Manager for a security services company in Northern Virginia. The role is reserved for an application security professional who possesses 10-15 total years of experience.

In 2009, this company nearly tripled its revenues. The Technical Account Manager will have experience developing web applications. The candidate will work on the customer site and will provide technical support for application security.

Specific Responsibilities:

• Oversee and manage resources while providing customer support and issue resolution.
• Review systems to meet acceptable delivery metrics as defined by service-level agreements.
• Determine patterns and scan accuracy and provide feedback
• Interact with customers to further refine processes

Requirements:

• Demonstrate 5 + years experience in QA / software engineering, customer support, services or sales engineering in a software product or services company.
• Demonstrate strong customer interaction and customer service skills including the ability to communicate solutions to customers.
• Demonstrate experience interfacing with and supporting a sales team.
• Demonstrate technical aptitude and knowledge that includes C / C++, Java, Secure Coding Practices, Identifying and Remediating Vulnerabilities
MUST HAVE ACTIVE SECURITY CLEARANCE (Top Secret / SCI Full Scope Poly)
• BS in Computer Science or related discipline.

Compensation in the $140,000+ range
Location: Northern Virginia
Relocation: No
Type: Full Time

Security Clearence Job, Virginia Security Job, DC Security Job, Security Recruiter Blog, Security Job with Clearence, Application Secruity Jobs

Friday, February 19, 2010

Computer Back-Up, How To

After losing a hard drive a few months back, I learned a little bit about backups.  Fortunately, I didn't have to learn alone.  I'm fortunate to know really smart security professionals.  A couple of them were kind enough to help me get back up and running and to share their thoughts regarding an inexpensive and stronger back-up system than I previously had in place.

Back-up suggestions from Matt Parsons an information security consultant.

The hard drive on my computer just crashed yesterday and I was really glad that I did two things. The first thing I did was create a baseline image of my hard drive in July of 2009 with software called Acronis.  The software for home users cost $200 dollars. I am not a spoke person for any of these companies and I am not getting royalties for plugging their products.

This baseline hard drive was clean and had most of the software I use to conduct daily business. This was a full sector by sector backup. The 320 gig laptop hard drive that I bought cost me $200 dollars.

I then used an online incremental daily back up service for all of my data. This cost me around ten dollars a month for a 150 gigs of online encrypted space.

I was a little nervous about the recovery but it was successful and almost seamless. It only took approximately an hour to be back and running fully. All I had to do was remove the bad hard drive with a screw driver and replace it with the backup hard drive and turn the computer on and cross my fingers.

I then logged on with my user name and password to my backup account and recovered the files that I needed. No files where lost because the last full backup was the night before my hard drive crashed.

If any of you have had a hard drive crash and did not back it up how long would you be out of business? If I couldn’t recover this data this would have cost me a few thousand dollars and a pit at the bottom of my stomach. The spare hard drives that had ghost images of my computer on it, definitely had the right return on investment for this problem and situation. Hard drives crashing is not a matter of if, but rather when. I think the total cost of this backup solution was $600 dollars.

I recommend that anyone that does business have a ghost image of their baseline hard drive to hot swap in case of an emergency and an online incremental backup solution like Idrive or Carbonite.

SecurityRecruiter.com, Security Recruiter Blog

Thursday, February 18, 2010

Digital Risk Management, Certificate Program

A February 18 story in The Washington Post suggests that more than 75,000 computer systems at nearly 2500 companies in the United States and around the world have been hacked in what appears to be the largest and most sophisticated cyber attacks by cyber criminals discovered to date.  Click on Washington Post to see the full article if you're interested. 

Digital Risk Management Education

On February 17, 2010, we launched a new page under the Secruity Education section of the SecurityRecruiter.com website offering cutting-edge Digital Risk Management training provided by one of our trusted security and risk management education partners.  How is that for timing?

From our partners at the Technolytics Institute:

"Most organizations rely on digital technology for over 98% of their communication and record keeping. The scope of Digital Risk Man- agement has been hotly debated in many board rooms in the last few years. We believe that Enterprise Risk Management can be defined as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives."

DIGITAL RISK MANAGEMENT TRAINING MODULES INCLUDE:

1. Corporate Espionage

2. Digital Spying
3. Digital Footprints
4. Social Engineering
5. Computer Crime
6. Information Warfare
7. Computer Hacking
8. Critical Infrastructure Protection
9. Technology Warfare
10. Cyber Terrorism
11. Transient Electro-Magnetic Devices
12. Insider Threats
13. eCrime
14. eDiscovery


Come visit the Digital Risk Management page on SecurityRecruiter.com to learn more about this cutting-edge, timely and forward-thinking educational opportunity.

When employers engage SecurityRecruiter.com to recruit and deliver industry-leading security talent, security professionals who have made themselves stand out from their peers in terms of on-going education, certification and training are the ones who get interviews.

Jeff Snyder, Security Recruiter Blog, Digital Risk Management Training, Digital Risk Management Education, Digital Risk Management Certification, Digital Risk Management Certificate

Tuesday, February 09, 2010

Recruiting a combination of OFAC, FCPA, EU Data Privacy, BE, SDN Compliance skills, Director Level www.securityrecruiter.com

Monday, February 08, 2010

Short-term IT security policy creation consultant job working with ISO standards. Work remotely in the US. www.securityrecruiter.com

Friday, February 05, 2010

A partner needs Mortgage Loan Auditors / Dallas for 1 yr contracts requiring 7-10yrs appraisal review / Fannie Mae guidelines, no relo, www.securityrecruiter.com

Security Jobs: Director of Security, Global Security Policies, Procedures & Compliance

SecurityRecruiter.com has been engaged to identify and recruit a Director of Security for an international company that is challenged to abide by compliance regulations across many country borders. The Security Director will develop security policies and procedures, monitoring practices and mechanisms to mitigate corporate risk while safeguarding corporate assets and the personal safety of employees.

Specific Job Duties Include:

• Monitoring governmental databases to identify individuals who are identified by the US government as Blocked Entities (BE), Specially Designated Nationals (SDN) and lists of excluded personal maintained by HHS and OIG.
• Develop, implement, interpret and manage background checks on potential employees, vendors, subcontractors and clients as required to comply with foreign and US Law. These laws include but are not limited to OFAC, Patriot Act, ITAR / Export Control and FCPA).
• Liaise with domestic and international law enforcement and regulatory agencies as required.
• Support risk analysis of current or new international business opportunities and due diligence of acquisition targets with foreign operations.
• Advise International Travel function by developing and implementing policies for personal safety for international travelers and identifying countries in which business activities may be prohibited by law or in which employees may be at risk. Maintain an internal database of legal prohibitions affecting travel and business activities.
• Support IT by developing, implementing and managing compliance with world-wide requirements regarding the safety, security and transport of electronic data and electronic equipment including EU data privacy.
• Develop, implement, interpret and manage policies to safeguard corporate assets such as electronic data and technology subject to stringent regulations as required by various worldwide laws.
• Support investigations of potential or actual violations of company privacy / security violations or breaches.
• Coordinate physical access controls at company facilities around the globe.

Candidates who are local to Chicago, IL are strongly preferred. However, candidates who do not live in Chicago but who meet the requirements as shown below will be considered. Chicago based candidates can expect travel in the 20% range. Candidates who live outside Chicago should expect a higher percentage of travel.

Job Requirements:

A BA/BS is required and education at the Masters level is appreciated. Candidates will likely have early career experience with a federal (FBI, Secret Service, Department of State), state or local law enforcement agency and will have a significant 5-15+ year background in Corporate Security where their experience was international in nature. Experience with a global Fortune 500 company is highly preferred. Candidates who lack corporate security experience will not be considered.

Required Experience:

• Significant International experience
• Experience with FCPA (Foreign Corrupt Practices Act) regulations
• Extensive experience conducting international OFAC checks and investigations
• Significant experience in creating security compliance policies and procedures and administering such regulations globally.
• Experience in presenting training programs on security topics and in developing security / compliance training materials.
• Experience in developing, managing and implementing budgets.
• Outstanding verbal and written communication skills

IL-Chicago, Other locations considered
$140,000 - $155,000+ Base, Bonus
Bachelor Degree Required, Masters Preferred

Security Recruiter Blog, Security Compliance Job, Converged Security Job, Physical Security Job, Corporate Security Job, Chicago Security Job, Security Director Job, International Security Job, Global Security Job

Thursday, February 04, 2010

Security Jobs: Physical Security Supervisors, New Haven, CT

Security Supervisors
(Physical Security Job)
 
Yale University
Location: New Haven, CT
Type: Full Time

Yale University offers exciting opportunities for achievement and growth in New Haven, Connecticut. Conveniently located between Boston and New York, New Haven is the creative capital of Connecticut with cultural resources that include three major museums, a critically-acclaimed repertory theater, state-of-the-art concert hall, and world-renowned schools of Architecture, Art, Drama, Medicine, and Music.

General Purpose:

Plan, direct, coordinate and supervise a team of security officers in a 24/7 operation with flexible schedules that will be determined based upon operational needs. Ensure customers receive a high level of service. Interact with customers to provide information in response to inquiries about services and to handle and resolve complaints. Assist in the development of security management programs, administrative policies and procedures and security training. Manage projects as assigned.


Position Description:

• Supervise the activities on a specific shift. Conduct personnel inspections. Issue instructions, orders and direction to the security officers. Schedule regular assignments and make changes according to operational needs. Deploy security officers as needed. Provide training and development as needed.
• Assist with the development and implementation of detailed post orders.
• Make daily operating decisions, referring extraordinary problems or situations to a higher authority.
• Plan, assign and evaluate the work of security personnel. Evaluate work standards and methods to ensure efficiency.
• Select, orient, train, assign, schedule, coach, counsel and discipline staff members.
• Prepare incident reports and take recommended appropriate follow up actions. Assist the department's administrators in the analyzing of statistical data.
• Implement security/safety improvements that benefit the University's community as directed by director and assistant director for guard operations.
• Assist in the development and implementation of short- and long-range security action plans, including staffing requirements and equipment needs.
• Prepare status reports of projects and weekly activities and evaluate personnel performance.
• Demonstrate continuous effort to improve operations, streamline work processes, and work cooperatively and jointly with department administration and clients to provide quality seamless customer service.

Qualifications:

• Bachelor's Degree in a related field and three years of related experience or the equivalent combination of education and experience; supervisory experience.
• Exceptional interpersonal and leadership skills.
• Able to make sound decisions and respond quickly in emergency situations.
• Ability to perform a broad range of supervisory responsibilities over others.
• Able to interpret customer needs and provide solutions while adhering to federal, state and University regulation, policies and procedures.
• Excellent oral, written and organizational skills.
• Excellent computer skills.
• Possess and maintain a valid driver's license.

Application: For more information and immediate consideration, please apply online. The STARS req IDs for these positions are 9006BR, 9007BR, 9008BR, 9012BR, 9014BR, 9015BR, 9016BR, 9017 BR, 9018BR, 9019BR, 9028BR .
 
Please be sure to reference source code ISAFE when applying for each of these positions.
 
We invite you to discover the excitement, diversity, rewards and excellence of a career at Yale University. One of the country's great workplaces, Yale University offers exciting opportunities for meaningful accomplishment and true growth. Our benefits package is among the best anywhere, with a wide variety of insurance choices, liberal paid time off, fantastic family and educational benefits, a variety of retirement benefits, extensive recreational facilities, and much more.

Yale University is an affirmative action/equal opportunity employer. Yale values diversity in its faculty, staff, and students and strongly encourages applications from women and members of underrepresented minority groups.

SecurityRecruiter.com, Security Recruiter Blog, Physical Security Jobs, University Security Jobs, Security Management Jobs, Supervisory Security Jobs, Corporate Security Job, Connectricut Security Jobs, New Haven Security Jobs

Tuesday, February 02, 2010

Security Jobs: Director of Security (International Compliance)

In the past I’ve been asked why most of the jobs on SecurityRecruiter.com’s Security Job page are information security jobs or cyber security jobs. The answer is simple. Supply and Demand!

We'd like to have more high-level physical security jobs, corporate security jobs, risk management jobs and compliance jobs.  When our phones ring and a company in need is on the other end, more often than not, they've been challenged to find highly specialized information security talent.  We're working to get all kinds of security jobs to share with you but we have to go where supply and demand takes us.

Today I’ll be writing up a new search that is part information security, part physical security but mostly international regulatory compliance, security policies and security procedures. The role reports to the Chief Compliance Officer of a $650M company and comes in at the Director level.
 
This role is not purely IT Security or purely physical security. It contains elements of both but is primarily a role to align a global company’s risk management, security policies and security procedures with the various compliance regulations that exist across the globe.

This role, like many roles we’re fortunate to work on at SecurityRecruiter.com is a newly created position required as a result of different compliance regulations being created in different parts of the world.

Companies that operate in different countries have complex rules and regulations to understand. Understanding regulations is not enough though. 

This Director of Security will be responsible for building policies and procedures and also for building a training delivery mechanism to ensure that employees of this company around the globe understand how to operate in their unique host nations.

Jeff Snyder, Security Recruiter Blog, Security Compliance Job, International Security Job, Global Security Job, Converged Security Job

Friday, January 29, 2010

Building Relationships with Highly Specialized Recruiters - Proactively

Building Relationships with Highly Specialized Recruiters - Proactively



Article by Jeff Snyder



You buy insurance before you have an accident. You choose a primary doctor when you initiate new health insurance coverage. You identify a dentist before you need a root canal. Isn’t your career important enough to you to proactively identify and promote yourself to recruiters who specialize in recruiting in your skill discipline? Consider making a project out of identifying, approaching and building relationships with recruiters who specialize in recruiting your skill set before your boat is taking on water and sinking. Connect with specialized recruiters before you need them.

In this second part of Jeff Snyder’s Technical Support Magazine series, he discusses a few more useful career development tips.

Identifying specialized recruiters is not difficult





“Headhunters” who specialize in recruiting skills such as Information Security, Disaster Recovery and Business Continuity are not difficult to find. We refer to these recruiters as “specialized” in this article because they are focused in their respective disciplines and don’t generally dabble beyond their areas of specialization. Because of this fact, many different ways exist to identify them.  For example, you’ll find specialized recruiters through business and social networks such as LinkedIn, in directories of specialized recruiters on-line and through search engines. Don’t forget to ask your peers who they know of who is specialized in recruiting your particular set of skills. Once you have found one, which is again the easy part, here are some ways to manage your relationship with them:

Understand what a specialized recruiter’s Corporate clients expect from them



Specialized recruiters are hired by companies that want the industry’s top talent. When a specialized recruiter takes on a search, the parameters of the search are generally very tight and the bar of expectation on the hiring manager’s side of the desk sits very high. Employers who are paying a search fee to a specialized recruiter set higher expectations than employers who fill their own jobs without the help of specialized outside recruiters.  You have to make yourself stand out from the crowd and, you have to be at the top of your profession for a highly specialized recruiter to be able to place you with one of their clients.


Approach a specialized recruiter with a well thought-out plan



Before you reach out to a specialized recruiter to make yourself known, think through your objectives. If you’re going to use email to make a first impression, take the time to write a carefully developed cover letter. Your cover letter should be written in executive summary format. It should be spell and grammar checked. A well-written cover letter will provide compelling enough information in bite-sized portions to make the recipient of the cover letter want to read your attached resume. If you choose to use the phone to make your first introduction, speak clearly, make the purpose of your call easy to understand, spell your name and repeat your phone number slowly and more than one time. Make your first impression one that will cause the specialized recruiter to want to call you back.

Get to know specialized recruiters before you need them


Companies that have highly strategic positions to fill frequently call on specialized recruiters. Looked at from a different point of view, one could say that specialized recruiters often sit on some of the most sought-after and compelling positions in industry. Think of these positions as career building positions that aren’t always advertised and frequently fly under the radar screen. Who lands in these highly sought-after positions? The first professionals to receive calls from specialized recruiters are professionals who have proactively built relationships with highly specialized recruiters at times when the professional isn’t in need of a new job.


Position yourself for well-thought-out career moves

Build relationship with recruiters who specialize in recruiting your skill set and your phone could ring unexpectedly to discuss just the right career move that you weren’t looking for but you might be ready to pursue. Highly specialized recruiters can frequently be your bridge to better opportunity.
 
Jeff Snyder is the President of SecurityRecruiter.com, a search firm highly specialized in information security recruiting. Jeff’s recruiting career started in 1990 in the general IT recruiting space.  His first information security recruiting assignment landed on his desk in the 1995 - 1996 timeframe. SecurityRecruiter.com provides full-time and contract recruiting services, job placement services and professional security resume writing services and is a gateway to various kinds of security education, security certifications and security training opportunities.


Reprinted from NaSPA Technical Support Magazine, 12/09

Thursday, January 28, 2010

Security Jobs: 1099 Web Application Security Consultants, Java Enterprise Background

Web Application Security Consultant, Java


Telecommute, Work from Home, Travel 20-30%

SecurityRecruiter.com’s partner has developed a strong track record of delivering web application security consulting services to its clients in the banking and financial services industries. As a result of delivering exceptional service, they’ve been invited to provide additional services and the team needs to grow.

We’re seeking 1099 lead consultants to lead and participate in delivering web application security consulting services. Our client’s team is made up of highly seasoned software engineering professionals who have 20-30+ years of total experience. Much of that experience includes building large Java enterprise applications.

This team has created a delivery track record that causes clients to invite them back for add-on projects. In this role, a consultant will perform application security assessments through both on-site and off-site engagements. The consultant will lead small review teams and will consult on threats and mitigation approaches.

Most work will be done in a work from home or telecommute fashion. Expect travel in the 20-30% range. When travel occurs, it will happen on weekdays. Consultants will be home on weekends.

Possible work sites:
• Charlotte and Winston-Salem, NC
• Minneapolis, MN
• Philadelphia, PA
• San Francisco, CA

Required Background:

A BS in math, computer science or engineering discipline is preferred. Education at the Masters level is appreciated. Certifications to include the CISSP, CSSLP, EC-Council E|CSP and/or SANS, GIAC Secure Software Programmer - Java (GSSP-JAVA) are highly appreciated.

A consultant must demonstrate the following:

• Deep understanding of web application security threats, risk models and tools.
• Experience with static analysis with Fortify (preferred) or IBM Ounce Labs tools.
• Dynamic analysis, manual source code review, architectural review.
• Deep technical background that includes Java enterprise application technology.
• Strong customer presentation and communication skills.
• Experience leading small technical teams and managing projects.
• Background in helping clients to build security into their software development processes.

The consultant must be able to read and understand Java code, APIs and architecture (JSP, Servlet, EJB, Hibernate, Struts, Ant, etc.). A prior Java programming background is strongly preferred.

Desired Skills

A background that includes Microsoft application technology is appreciated (.NET, classic VB and ASP). Technical project management / team leadership experience is required.

Web Application Security Job, Security Consulting Job, Application Security Consulting Job, Jeff Snyder, SecurityRecruiter.com, Security Recruiter Blog

Wednesday, January 27, 2010

Discount Tire: They’ll Keep Getting My Business, A Customer Service Story


The past couple of weeks have been tough ones with personal illness, illness in my home and illness all around me ushering in the new year. It has been difficult to come up with blogs since I’ve been on the phone less than normal. It is compelling conversations with security executives and those who hire security professionals that stimulates most of my blog ideas.



I’ll have more security related topics to share in the very-near-future but an experience I’ve had over the past few days is one I feel highly compelled to share. This story has nothing to do with security but it has everything to do with business and a customer service I’d had that is seldom found in businesses today.


For the past 10 years, I’ve been a Discount Tire customer. I’ve found the Discount Tire personnel in Colorado Springs to be outstanding every time I’ve walked into their place of business.


Whether they’re advising me on a new set of tires or simply taking a nail out of a tire so I can get rolling again, these guys have provided great service.


Over the weekend, my Yukon had to be pushed out of a flat parking lot that had over 3 feet of fresh snow. A Yukon is a pretty heavy vehicle. With good tires, it shouldn’t get stuck and never has before.


After getting pushed out, the next time we stopped, we took a look at the tires. I had just replaced the tires 22,500 miles back and the Goodyear Fortera tire I spent a lot of money on had a 70,000 mile warranty. Other than adding air, there was no reason to study these tires.


How wrong I was. When we looked closely at the tires, they were worn down to the replacement line. How could this be, a 70,000 mile tire with only 22,500 miles of wear and they were already worn out? When we got home, I took the Yukon to Discount Tire where we originally purchased the tires. They agreed that my tires were shot and we needed new tires.


Discount Tires does not manufacture Goodyear tires. I know that. However, I purchased the Goodyear Fortera tires after following the advice of the guys at Discount Tires. They didn’t know that this tire would be the worst tire one could possibly put on their SUV or Truck but it has most certainly performed that way. I’ll never buy Goodyear products again.


So I’d gotten 2/5 of the wear we were expecting from our expensive tires. It wasn’t Discount Tire’s fault but Goodyear should be ashamed.


I sat down with the Discount Tire store manager and had a discussion about how I felt entirely ripped off. He agreed. We calmly discussed how Discount Tire should deal with Goodyear and we also discussed what would be fair for me since I was facing an $800.00+ tire bill that we weren’t expecting to pay again for another 3-4 years.


Jason, the 8th Street Colorado Springs Discount Tire store manager should be commended. He worked out an arrangement for me to acquire a set of new and hopefully better tires for my vehicle that is predominately driven at high altitude and in harsh winter driving conditions.


Jason went out of his way to make sure that I would continue to be a Discount Tire customer. There are a number of tire stores that are much closer to my home than the Discount Tire store that is 18 miles away. Jason dealt with my dilemma in a highly professional and customer-focused manner. Jason gave me multiple reasons to continue going out of my way to give my business not only to Discount Tire but to his store in particular.


It is rare to find a retailer that stands behind its products and services the way Jason stood up for Discount Tire and for me as a long-term customer. Jason took a bad situation and made it positive and I wanted to let others know.

Jeff Snyder, SecurityRecruiter.com, Security Recruiter Blog


*Images from Discount Tire Website