Apply before October 30, 2022 at firstname.lastname@example.org
Position Responsibilities ·
- Identifies policy and process gaps, or breaks, ensures proper segregation of duties, and documents approved exceptions.
- Participates in the drafting, updating, revising, and publication of security policies and other security materials.
- Develops, tests, documents, evaluates, tracks, and improves security compliance controls.
- Performs administrative control reviews and recommends remediation actions and alternative approaches to resolve conflicts.
- Identifies, collects, & organizes security incident and event data to produce exception and management reports.
- Supports continuous improvement by developing, operationalizing, and maintaining security compliance metrics & documentation. Also provides support for Security Compliance requests and incidents.
- Reviews technology platforms, including operating systems, applications, network devices, and vendors to ensure compliance with established best practices, organizational, and operational policies.
- Participates in Change Control and Release activities to ensure changes & deployments comply with security controls & policies.
- Maintains the Security Questionnaire database and responds to Security Questionnaires, as necessary.
- Prepares risk assessments for third- and fourth-party vendors to advise the business on relevant IT risks associated in using the vendor or technology.
Experience/Skills (4 – 7 years)
Strong conceptual thinking and communication skills – the ability to translate complex business and technical requirements into effective and comprehensible solutions.
Ability to correlate disparate data sources to produce a complete picture, or view of an event, system, or environment (Connect the dots).
Working knowledge of various regulations such as SOX, HIPAA, international data privacy regulations such as the European Union General Data Protection Regulation.
Knowledge of NIST and ISO 27000 security practice frameworks, including Information Security Management Systems (ISMS).
Knowledge of security controls (e.g. Firewalls, IDS/IPS, VPN, Web Content Filters, Proxies, DLP, SIEM, Log aggregation etc.) Operational experience with one or more common IT infrastructures (Telecom, database, Windows, Active Directory, LDAP, SMTP, DLP, and *NIX server systems, virtualization platforms)
Working understanding of the Microsoft Office suite, including Access and Visio.
The following are not essential, but are highly valued;
SharePoint experience to maintain security sites associated with the Security Compliance Group Detail oriented experience or knowledge of application or infrastructure penetration testing
Basic working knowledge of scripting/programming languages (e.g. Python, PowerShell)
Basic knowledge of cloud security controls and behaviors Education and Certifications:
Bachelor’s degree in computer science, or equivalent work experience required.
Detail oriented security management certification, such as an ISC(2) Systems Security Certified Practitioner (SCCP), SANS GIAC Information Security detail oriented (GISP) is a plus but not required.