Purpose of the Position:
The position’s primary responsibility is the overall development, implementation, and
enforcement of Information Security Architecture at CDW. Applies expert knowledge and skills
to secure and defend CDW’s network infrastructure. Responsible for team development and
technical leadership of a department that supports Information Security throughout CDW.
Interfaces with all CDW IT-related departments and functions.
Maintains technical architecture documentation for CDW’s information systems security
Develops and maintains security policies, practices, and guidelines.
Implements security awareness programs, to ensure the end user community understands and
adheres to security best practices.
Evaluates and pilots new security hardware and software.
Reviews emerging security threats (exploits, viruses, worms) with regard to protecting CDW’s
Performs risk assessments and vulnerability scanning of network infrastructure to ensure
perimeter defenses are effective.
Audits software and firmware patch levels across the CDW infrastructure.
Oversees the effective response to network security incidents.
Oversees and/or performs forensic investigations as required by circumstances.
Creates tools to automate security processes and procedures.
Participates in business continuance planning for infrastructure.
In collaboration with E-Commerce, ensures the protection of CDW’s web presence and
transactions across the Internet/intranet.
In collaboration with the Network team, advises on the application of Internet firewall and
intrusion detection/prevention technologies to maintain overall network security.
Coordinates with IT Help Desk to answer security-related questions.
Bachelor’s degree in computer science or related field or equivalent experience required;
Master’s degree in information technology preferred.
Comprehensive knowledge of TCP/IP protocol suite.
Comprehensive knowledge of information security best practices; industry certifications such
as CISSP, SANS/GIAC, Cisco CCSP are preferred.
Thorough knowledge of Microsoft Windows 2000/2003, and Microsoft IIS required.
Knowledge of as many of the following as possible: Intrusion Detection/ Prevention,
firewalls, VPNs, penetration testing, incident handling, awareness training, forensics,
application security, wireless security, host-based security.
Ability to exercise good judgment when troubleshooting telecommunications and server related
Ability to communicate to all levels of coworkers, managers, and executives.
Strong attention to detail. Leadership and project management skills are a plus.