Vacancy expired!
- Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed.
- Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation.
- Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements.
- Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Serve as a subject matter expert for Information Security consulting to technical / non-technical management and staff.
- Manage and support the 3rd Party Security Vendor Risk Management program and lifecycle.
- Manage the exception request process and consult as needed.
- Lead the Security Awareness program. This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs.
- Management and support of the GRC technology platforms.
- Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
- Bachelor's degree or five (5) years of work experience in IT Security is required.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
- Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG… is required.
- Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred.
- Four (4) years of Information Security experience required. Hands-on technical experience is preferred.
- Three (3) or more years of experience managing timelines and being self-directed preferred.
- Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
- Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
- Strong knowledge of risk management principles and practices.
- Strong knowledge of security administration and role-based security controls.
- Strong knowledge and use of GRC platforms.
- Knowledge of host and network-based anti-malware technologies.
- Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
- Knowledge of client and server firewalling technologies and capabilities.
- Knowledge of security event management (SIEM), event correlation and analysis technologies.
- Knowledge of data encryption technologies.
- Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
- Knowledge of web filtering and email SPAM prevention techniques.
- Knowledge of vulnerability assessment and forensic investigation tools.
- Knowledge of mobile device security and Mobile Device Management solutions.
- Knowledge of Privileged Access Management technologies.