Internet Security Specialist – Lead

Job Description

• This resource will mainly be managing the execution (from the business side) of a complex audit called SOC1 or SSAE16, some audit experience and project management are a must.

• Top 5 things we are looking for: Independency, ownership, audit/control background, project management and relationship focused.

Responsibilities:

• Role Purpose Primary focus is on processes designed to effectively control risk and the related management of compliance with regulatory and other guidance.

• Provides guidance and support to internal business partners, customers and vendors in assessing IT risks and mitigating controls to protect corporate intellectual capital and other sensitive data.

• Typically holds a Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field (or equivalent work experience).

• Professional certification preferred (e.g. CISA, CISSP, CISM, CPCB, etc.)

• Knowledge of frameworks, standards, and best practices (i.e. PCI, ISO, COBIT, COSO, CMMI).

• Requires knowledge in at least one of business and technical functional capabilities in the following areas: security architecture; security engineering; threat management; vulnerability management; electronic discovery; computer and data breach incident management; data protection; forensics; 3rd party/vendor management; security monitoring; cryptography; security operations and administration; access management; security policies and standards; security awareness; business continuity; disaster recovery; IT risk management and controls; web security; data security; network security; system security, technology operations and compliance.

• Typically possesses prior IT and business work experience with exposure to various technical environments and business segments, and some experience working with auditors and regulators.

• Superior skill in organizing, managing and interpreting data.

• Excellent time management skills, and the ability to prioritize and multi-task.

• In-depth experience with desktop software and office automation tools.

• Scope Entry or intermediate professional level management.

• May participate as subject matter expert or lead multiple moderately complex initiatives.

• Works under general direction of IT Risk and Information Security Director.

• Responsible for implementing and/or managing security and operational risk processes in one or multiple small to medium IT risk, information security, or service continuity projects or programs that have objectives associated with preserving the confidentiality, integrity, and availability of systems and processes across the enterprise.

• Manages the development and delivery of standards, best practices, and architecture and system oversight programs to ensure effective controls across the enterprise.

• Provides leadership and expertise on IT initiatives across multiple business and technical environments, covering a wide range of business/technical functions, i.e. service continuity, regulatory management, IT risk governance, vendor management, Identity and Access Management , project management, incident management, information security, vulnerability management, forensics, web security, etc.

• Educates IT and the business about security policies, risks and controls, and industry best practices, and consults on issues.

• Participates in the development of plans and strategies that improve the overall maturity of our IT risk, governance and compliance processes, programs and/or skills.

• Performs monitoring of events and security incidents and recommends solutions.

• Provides first- and second-level technical support to security or other risk systems and tools.

• Context - Accountabilities Works with Information Security Managers, Information Security Specialists and other AET and business professionals to identify technical solutions and business process improvements in accordance with regulatory requirements, internal policies and standards and other guidance.

• Supports developing and implementing best practices and efficiencies to promote cost optimization.

• Works individually and with teams on both structured and unstructured assignments.

• Serves as an information security, service continuity or other IT risk domain liaison for AET programs and initiatives.

• Assists in providing governance or other oversight on processes and initiatives to ensure compliance.

• Develops and implements appropriate metrics for ongoing reporting Context - Management Dimensions Provides guidance on security controls and IT risk management to team members.

• Required to provide day-to-day operational management over functional processes and project delivery.

• May act as a mentor to Analysts and those interested in developing their security, business continuity, IT risk or other domain knowledge

• May make difficult and timely decisions regarding simple and complex business problems.

• Functional Capability Participates in the development of plans and strategies for information security, service continuity and other risk processes and programs.

• Responsible for evaluation of applications, tools and systems

• Supports the implementation of processes and methods for auditing and addressing non-compliance to information security, service continuity and risk management standards and methodologies; facilitate migration of non-compliant environments to compliant environments.

• Creates or manages the documentation of non-compliance to contracts, policies, process and standards and assist in their resolution.

• Supports stakeholders to achieve targeted levels of operational IT risk management, information security, service continuity, project oversight and IT controls.

• Enforces security policies by administering and monitoring profiles, reviewing violation reports and investigating possible exceptions; document controls; make recommendations.

• Develops risk analysis scenarios and response procedures Provides advice on controls, processes, and procedures.

• Builds relationships with diverse groups, and leads meetings to gather and document data and information in order to measure and improve the effectiveness of IT risk management, information security or service continuity activities performed within the company.

• Supports the development of service continuity, IT risk, and information security metrics and criteria.

• Direct maintenance of internal documentation library, ensuring that process and other documentation is regularly updated to reflect latest operational processes and requirements.

• Provide technical or analytical guidance as needed for issue management, project assessments, and reporting.

• Leads the evaluation of products and/or procedures to enhance productivity and effectiveness.

• Oversees or prepares materials (reports, presentations, spreadsheets, etc) to enable informed decision making; guide the verification of completeness, accuracy and relevance of data gathered

• Monitor and measure progress and take corrective action as necessary.

• Develops Winning Strategies

• Maintains an understanding of enterprise business initiatives and objectives and the various line portfolios Drives Results

• Support multiple priorities under tight timeframes

• High degree of initiative, dedication Focuses on the Customer and Client Drives Innovation and Change

• Detail oriented with the ability to synthesize large amounts of data Builds and Leverages Relationships

• Enjoys working both collaboratively and independently Communicates Effectively

• Both verbally and in writing

• Influencing and negotiation; presentation skills Demonstrates Personal Excellence.

Qualifications

Audit, Risk, Project Management

Additional Information

To schedule an interview, please contact;

Vishwas Jaggi

973-475-7482