Job Description
Overall Purpose:
This position produces security documentation and supports the functions of the Department of Security. Major duties include risk assessments against security frameworks and regulations, audit remediation, preparation and management of security policy documentation, and reporting on the risk acceptance process.
Essential Functions:
- Work with business owners throughout the organization to socialize policy and ensure that proper feedback from stakeholders has been gathered
- Act as the Security point of contact for the rest of the business, with the ability to represent and communicate Security directives
- Document work performed for all audits and assessments
- Ensure that the policy approval process is followed
- Assist in ensuring that all compliance programs (security awareness, monthly newsletter, security posters) are maintained according to their set schedules
- Track and report on compliance metrics for assigned areas, and provide support responses to internal and external audits
- Effectively communicate Security-related risks and vulnerabilities to business owners by department, application, or environment
- Create and maintain month-over-month security-focused metrics for communication to enterprise management and business stakeholders
- Develop and update security policy, standards, procedures, and guidelines at the direction of Information Security management
- Work with junior Security Consulting staff to teach the processes you own and ensure cross-training and growth of your peers
- Validate, in conjunction with the Security Technology team, that all solutions being implemented are in line with currently approved policy
- Create, facilitate, and manage risk identification and remediation processes at an enterprise-wide level
- Support the company’s commitment to protect the integrity and confidentiality of systems and data.
Other Essential Functions:
Depending on business need, you may be responsible for any one or multiple of the following:
- Act as Point of Contact and Project Manager for Information Technology and Security focused external and internal audits and risk assessments (SOC 2, GLBA, FISMA, PCI, others)
- Support the Information Security FFIEC risk assessment performed by a third party, including coordinating and participating in all meetings, gathering all documentation, and managing the response to any issues
- Perform internal risk assessments (system security plans) on applications, services, tools, and database infrastructure across the enterprise environment
- Perform user access reviews, physical access reviews, internal production access reviews, and user attestations according to schedule
- Work with the GRC, ticketing, and reporting tools to ensure that current policy is recorded in the system and adhered to
- Begin developing Security Compliance skills and support at least two of the following functional areas within Security Compliance:
  - Risk evaluation (RAF) management
  - PCI assessment
  - FISMA audit
  - System Security Plans
  - Security policy management and approvals
  - GRC tool management
  - Management of remediation plans for all security-related findings (IA, OCC, SOC 2, etc.)
  - User access report audits
  - Participation in external audits: GLBA, Internal Audits, SOC 2, customer audits, consolidated customer audits
  - Security training and user responsibility agreements
  - Security awareness, including newsletters, open houses, and participation in other company events that raise security awareness
  - Security incident management
Required Experience
Minimum Qualifications:
- Education and experience typically obtained through completion of a bachelor's degree in Compliance, Computer Science, or a related field
- Minimum 2 years of work experience in compliance
- Working knowledge of ISO 27000, PCI DSS, NIST SP 800-53A, SIG, the FFIEC handbook, SOC 2 Type II, GLBA, and FCRA
- Experience with security-related technologies including firewalls, IDS, vulnerability scanners, anti-virus, data leak prevention, two-factor authentication, and VPN
- Excellent written and verbal communication skills, with the ability to present to peers and co-workers
- One of the following certifications required: CISA, CISSP, CCSP, CRISC, GSNA, GCIH, or equivalent
- Must pass a background check and drug screen
Preferred Qualifications:
- CISSP (Certified Information Systems Security Professional) certification, or preparation for it
- Additional related education and/or experience
Physical Requirements:
Working conditions consist of a normal office environment. Work is primarily sedentary and requires extensive use of a computer and involves sitting for periods of approximately four hours. Work may require occasional standing, walking, kneeling, and reaching. Must be able to lift 10 pounds occasionally and/or negligible amount of force frequently. Requires visual acuity and dexterity to view, prepare, and manipulate documents and office equipment including personal computers. Requires the ability to communicate with internal and/or external customers.
Employee must be able to perform essential functions and physical requirements of position with or without reasonable accommodation.
Candidates responding to this posting must independently possess the eligibility to work in the United States at the date of hire.
The above job description is not intended to be an all-inclusive list of duties and standards of the position. Incumbents will follow instructions and perform other related duties as assigned by their supervisor.
Early Warning Services is an equal opportunity employer.
Job Location:
Scottsdale or San Francisco, United States
Position Type: Full-Time/Regular