Information Assurance Security Administrator
Job description
The Information Assurance Security Administrator is responsible for collaborating with the information assurance team to demonstrate and achieve the 24 Hour Fitness-wide Information Assurance product goal, along with metric-based reporting for security implementation and compliance. This position performs system analysis techniques and procedures, including collaborating with team members, to determine hardware, software or system security specifications. This position documents, analyzes, and creates testing or modification of security systems or programs in accordance with user and/or system design specifications. This position develops methodologies to track interdependencies of critical assets with entities outside the organization and to inventory and classify critical assets (data, hardware, and software). This position monitors an organizational security architecture plan, performs end-to-end IT security assessments, and ensures discrepancies are corrected. This position administers organization-level monitoring systems and performs manual cyber-security threat discovery (i.e., threat hunting) to identify, prevent and potentially remediate cyber-security threats to the organization.
Policies and Procedures
- Collaborate with the Information Assurance team to produce documentation that demonstrates and/or supports the information assurance product goal using existing internal documentation, industry standards, state and federal government legislation (e.g. CIS CSC 18, NIST CSF, PCI, CCPA, etc.).
- Collaborate with the Information Assurance team to develop and maintain IT Security Systems and Infrastructure Security.
- Collaborate with the Information Assurance team to develop and maintain the enterprise-wide threat model.
- Review and maintain internal security policies and procedures.
Compliance and Enforcement
- Collaborate with the Information Assurance team to update and maintain organizational PCI compliance documentation.
- Perform, assist with, and document investigations of internal policy infractions.
- Collaborate with the Information Assurance team to identify and document cyber-security risks and develop cyber-security risk mitigation plans.
Infrastructure Support and Initiatives
- Implement and maintain IT Security Architecture documentation.
- Collaborate with the Information Assurance team to develop methodology to track interdependencies of critical assets with entities outside the primary organization.
- Research, develop, document, and implement tracking and inventory methodologies for maintaining inventory of critical assets (hardware and software).
Audit and Assessment
- Assist with internal and external assessments of 24 Hour Fitness's IT Security posture.
- Perform internal auditing procedures of organizational level IT controls and policy compliance.
- Design, implement, document, and evaluate computer security programs.
Incident Response
- Participate as a member of the Computer Security Incident Response Team (CSIRT).
- Proactively search for and identify cyber-security threats to the 24 Hour Fitness enterprise.
Security Training and Awareness
- Produce end user documentation and security awareness training materials.
- Provide in-person security awareness training.
Other duties as assigned by manager.
The Information Assurance Security Administrator reports to the Information Assurance Manager. Assists with audits and investigations as directed. Participates in Information Assurance Scrum Team events as required.
DISCLAIMER: The above statements are intended to describe the general nature and level of work being performed by incumbents assigned to this job. This is not intended to be an exhaustive list of all the responsibilities, duties and skills required. The incumbent may be expected to perform other duties as assigned. This job may be reviewed as duties and responsibilities change with business necessity.
COMPLIANCE & INTEGRITY: Consistently supports compliance and Workplace Conduct by maintaining the privacy and confidentiality of information, protecting the assets of the organization, acting with ethics and integrity, reporting non-compliance, and adhering to applicable federal, state and local laws and regulations, accreditation and licensure requirements (if applicable), and 24 Hour Fitness' policies and procedures.
All Directors, Managers and Supervisors are accountable for communication, implementation, enforcement, monitoring and oversight of compliance policies and practices in their departments.
SERVICE & QUALITY: In addition to defined technical requirements, accountable for consistently demonstrating service behaviors and principles defined by 24 Hour Fitness as well as specific departmental/organizational initiatives. Also accountable for consistently demonstrating the knowledge, skills, abilities, and behaviors necessary to provide superior and culturally sensitive service to members and team members, contracted providers and vendors.
WORKPLACE SAFETY: In addition to defined working conditions and physical requirements, employees are accountable for working safely; following established policies & procedures; and reporting all injuries and hazards to their supervisor immediately.
Supervisors and Managers are accountable for ensuring the safety performance of employees; applying consistent practices in compliance with federal, state and local regulations; providing guidance to maintain a safe and healthy work environment.
Requirements
Knowledge, Skills & Abilities
- Experience working with CIS CSC 18 computer security programs.
- Familiar with Payment Card Industry (PCI) standards and assessment process.
- Experience with network and host-based intrusion detection and prevention.
- Understanding and familiarity with computer forensic analysis tools and methodologies.
- Proficient in Firewall, UNIX, Microsoft Systems, and Application security and auditing.
- Experience with writing computer security policy documentation.
- Strong verbal and written communication skills.
Minimum Educational Level/Certifications
- Associate's degree in related field, or relevant professional experience.
- Security+ or equivalent entry-level certification.
Minimum Work Experience and Qualifications
- 1+ years experience in a related field.
Physical Demands/Environmental Conditions
- Normal day-to-day business operations including using a keyboard, walking, bending and reaching.
Knowledge, Skills & Abilities
- Proficiency in Python.
- Familiarity with penetration testing techniques and tools.
- Familiarity with Agile values and principles.
- Familiarity with the Scrum pillars as well as Scrum values and principles.
- Experience with auditing and gathering evidence in support of audit findings.
- Experience writing reports of findings related to audits and tests.
Educational Level/Certifications
- CASP and/or SANS GIAC certification is strongly desired. If the candidate does not possess the CASP certification upon being hired, the candidate will be required to obtain the certification within one calendar year of being hired.
Work Experience and Qualification
- Previous experience in either a publicly traded company, or government entity.
- Experience with vulnerability scanning.
- Exposure to software security testing.
- Understanding of application and system logging and analysis.
Benefits & conditions
All Employees: Free Club Membership, Employee Assistance Program (EAP), Basic Group Life and AD&D Insurance ($10,000), and 401k Savings and Investment Plan.
Average of 30 hours or more per week: Medical/Dental/Vision Benefits, Paid Time Off, and Sickness Benefits (in addition to the above).
Washington State: Receive 40 hours of sick time on your first day of employment. After 6 months of employment, accrue 1 hour of sick time for every 30 hours worked, up to a maximum of 120 hours, inclusive of time carried over.
Actual offer may vary from posted hiring range based on location, work experience, and/or education.
Salary range will vary based on geography of the applicant.
Pay Range for Los Angeles, Orange County and Seattle: $73,140.00-$91,425.00 (Exempt), $35.16-$43.95 (Non-Exempt)
Pay Range for Bay Area (California) & New York City (incl. New Jersey): $76,320.00-$95,400.00 (Exempt), $36.69-$45.87 (Non-Exempt)
Pay Range for San Diego & Carlsbad (California) and all other locations: $68,688.00-$85,860.00 (Exempt), $33.02-$41.28 (Non-Exempt)