Info Security Sr Analyst (Compliance)

Responsibilities

We are looking for an experienced Information Security professional to work in our Information Security Governance, Risk and Compliance area.

This role will be responsible for making sure we are meeting our compliance obligations, and will provide oversight of the appropriateness and effectiveness of our security controls and of adherence to our enterprise best practices.

Here are some of the things you will do:

Develop methods to monitor compliance and assurance efforts.

Manage and approve Accreditation Packages.

Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure that they provide the intended level of protection.

Recognize a possible security violation and take appropriate action.

Review authorization and assurance documents to confirm that the level of risk is within acceptable limits.

Review or conduct audits of information technology (IT) programs and projects.

Track compliance and audit findings and recommendations to ensure that appropriate mitigation actions are taken.

Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

Develop security compliance processes.

Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.

Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).

Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.

Assess the effectiveness of security controls.

Qualifications

We’re looking for someone with:

Associate's or bachelor's degree with a preference in a science, technology, engineering, or math related field, or equivalent work experience, and 8 years of related work experience.

Experience supporting Info Security work and products (preference towards compliance and governance).

Experience with Info Security certifications and frameworks such as SOC2, ISO 27001, NIST.

Ability to informally lead and drive large scale projects with high collaboration.

Excellent judgment, decision making skills, and the ability to work against aggressive timelines.

Excellent presentation skills in order to speak to a variety of audiences, including written and oral communication.

Additional preferred experience:

Deep understanding of technical and compliance issues as they relate to monitoring user behavior in a corporate environment, including international corporate environments.

Information security and risk management processes and controls including security operations, security architecture, security assessments, security engineering, risk management, and compliance.

FedRAMP experience.

Certifications such as CISA, CISSP or CISM.
