Job Description
ABOUT US
For over 40 years, 24 Hour Fitness has been a leader in the industry, driven by our mission to help our community live healthier and happier through the transformative power of fitness. With clubs nationwide, we create inclusive, welcoming spaces equipped with premium strength and cardio equipment, studio classes, and innovative digital tools. Our impact goes beyond the gym: we support our members' total well-being through coaching, connection, and community. Join us and be part of a team that's changing lives every day!
The Information Assurance Security Administrator is responsible for collaborating with the Information Assurance team to demonstrate and achieve the 24 Hour Fitness-wide Information Assurance product goal, along with metric-based reporting on security implementation and compliance. This position performs system analysis techniques and procedures, including collaborating with team members, to determine hardware, software, or system security specifications. This position documents, analyzes, and creates testing or modifications of security systems or programs in accordance with user and/or system design specifications. This position develops methodologies to track interdependencies of critical assets with entities outside the organization and to inventory and classify critical assets (data, hardware, and software). This position monitors an organizational security architecture plan, performs end-to-end IT security assessments, and ensures discrepancies are corrected. This position administers organization-level monitoring systems and performs manual cyber-security threat discovery (i.e., threat hunting) to identify, prevent, and potentially remediate cyber-security threats to the organization.
ESSENTIAL DUTIES & RESPONSIBILITIES
Policies and Procedures
- Collaborate with the Information Assurance team to produce documentation that demonstrates and/or supports the information assurance product goal, using existing internal documentation, industry standards, and state and federal government legislation (e.g. CIS CSC 18, NIST CSF, PCI, CCPA, etc.).
- Collaborate with the Information Assurance team to develop and maintain IT Security Systems and Infrastructure Security.
- Collaborate with the Information Assurance team to develop and maintain the enterprise-wide threat model.
- Review and maintain internal security policies and procedures.
Compliance and Enforcement
- Collaborate with the Information Assurance team to update and maintain organizational PCI compliance documentation.
- Perform, assist with, and document investigations of internal policy infractions.
- Collaborate with the Information Assurance team to identify and document cyber-security risks and develop cyber-security risk mitigation plans.
Infrastructure Support and Initiatives
- Implement and maintain IT Security Architecture documentation.
- Collaborate with the Information Assurance team to develop methodology to track interdependencies of critical assets with entities outside the primary organization.
- Research, develop, document, and implement tracking and inventory methodologies for maintaining an inventory of critical assets (hardware and software).
Audit and Assessment
- Assist with internal and external assessments of 24 Hour Fitness's IT Security posture.
- Perform internal auditing procedures of organizational level IT controls and policy compliance.
- Design, implement, document, and evaluate computer security programs.
Incident Response
- Participate as a member of the Computer Security Incident Response Team (CSIRT).
- Proactively search for and identify cyber-security threats to the 24 Hour Fitness enterprise.
Security Training and Awareness
- Produce end user documentation and security awareness training materials.
- Provide in-person security awareness training.
Other duties as assigned by manager.
ORGANIZATION RELATIONSHIPS
The Information Assurance Security Administrator reports to the Information Assurance Manager. Assists with audits and investigations as directed. Participates in Information Assurance Scrum Team events as required.
REQUIRED QUALIFICATIONS
Knowledge, Skills & Abilities
- Experience working with CIS CSC 18 computer security programs.
- Familiar with Payment Card Industry (PCI) standards and assessment process.
- Experience with network and host-based intrusion detection and prevention.
- Understanding and familiarity with computer forensic analysis tools and methodologies.
- Proficient in Firewall, UNIX, Microsoft Systems, and Application security and auditing.
- Experience with writing computer security policy documentation.
- Strong verbal and written communication skills.
Minimum Educational Level/Certifications
- Associate's degree in related field, or relevant professional experience.
- Security+ or equivalent entry-level certification.
Minimum Work Experience and Qualifications
- 1+ years' experience in a related field.
Physical Demands / Environmental Conditions
- Normal day-to-day business operations including using a keyboard, walking, bending and reaching.
Travel Requirement
- Travel is not routine but may be required.
PREFERRED QUALIFICATIONS
Knowledge, Skills & Abilities
- Proficiency in Python.
- Familiarity with penetration testing techniques and tools.
- Familiarity with Agile values and principles.
- Familiarity with the Scrum pillars as well as Scrum values and principles.
- Experience with auditing and gathering evidence in support of audit findings.
- Experience writing reports of findings related to audits and tests.
Educational Level/Certifications
- CASP and/or SANS GIAC certification is strongly desired. If the candidate does not possess the CASP certification upon being hired, the candidate will be required to obtain the certification within one calendar year of being hired.
Work Experience and Qualification
- Previous experience in either a publicly traded company or a government entity.
- Experience with vulnerability scanning.
- Exposure to software security testing.
- Understanding of application and system logging and analysis.
Disclaimers
DISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by incumbents assigned to this job. This is not intended to be an exhaustive list of all the responsibilities, duties and skills required. The incumbent may be expected to perform other duties as assigned. This job may be reviewed as duties and responsibilities change with business necessity.
COMPLIANCE & INTEGRITY: Consistently supports compliance and Workplace Conduct by maintaining the privacy and confidentiality of information, protecting the assets of the organization, acting with ethics and integrity, reporting non-compliance, and adhering to applicable federal, state and local laws and regulations, accreditation and licensure requirements (if applicable), and 24 Hour Fitness' policies and procedures.
All Directors, Managers and Supervisors are accountable for communication, implementation, enforcement, monitoring and oversight of compliance policies and practices in their departments.
SERVICE & QUALITY: In addition to defined technical requirements, accountable for consistently demonstrating service behaviors and principles defined by 24 Hour Fitness as well as specific departmental/organizational initiatives. Also accountable for consistently demonstrating the knowledge, skills, abilities, and behaviors necessary to provide superior and culturally sensitive service to members and team members, contracted providers, and vendors.
WORKPLACE SAFETY: In addition to defined working conditions and physical requirements, employees are accountable for working safely, following established policies and procedures, and reporting all injuries and hazards to their supervisor immediately.
Supervisors and Managers are accountable for ensuring the safety performance of employees, applying consistent practices in compliance with federal, state, and local regulations, and providing guidance to maintain a safe and healthy work environment.