Vacancy expired!
- Assist in completing and reviewing security questionnaires, requests for proposal (RFP), requests for information (RFI), and vendor evaluations as needed
- Support and participate in the organization’s Continual Improvement Program to conform to ISO 9001 and ISO 27001 requirements by meeting QMS and ISMS objectives
- Working across the security team to help implement various processes and technologies related to the NIST framework
- Perform security evaluations of new software products across the business and provide risk feedback to requesting team members
- Monitor security solutions for efficient and appropriate operations
- Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings)
- Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities
- Understand and continue to develop cyber security policy and procedure
- Assist in security threat and impact assessments as input to overall information security strategy
- Respond to cyber security alerts including DLP alerts, attempting remediation, and escalation as required
- Manage and maintain simulated phishing campaigns, reviewing and recommending training content, and developing strategy to best prepare and train the organization to respond to the ever-changing threat landscape
- Assist in documenting and escalating incidents (including event history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
- Coordinate with cyber security staff to correlate threat assessment data and validate network alerts
- Pick up service tickets within established SLAs and escalate to higher tiers as needed
- Support security engineers as needed
- Participate in security incident response efforts
- All employees have a professional duty to provide any information related to security issues, incidents or situations that present a potential security risk to the ISO Team, Management or their Supervisor
- Bachelor’s Degree in Cyber Security, Risk and Compliance, or equivalent/related field or equivalent years of experience.
- CISSP, PMP, CEPT, GIAC or similar relevant information security certifications.
- 4+ years of risk and compliance experience
- 2+ years in an information security or risk and compliance role
- Experience writing and updating security policy and documentation
- Work with key business leaders to help identify critical assets
- Must be self-directed, able to work independently, as well as work in a team-oriented, geographically diverse/multiple locations, and fast paced environment
- Ability to deliver or explain technical concepts to non-technical customers and internal stakeholders
- Experience in the creation of technical documentation including Visio diagrams
- Understanding of basic frameworks for mitigating Vendor risk
- Knowledge of how criminal culture communicates/works on the Internet
- Knowledge of the OSI Reference Model and its security implications
- Ability to understand, and advise on applying security controls or rules (anti-virus, IPS/IDS,DLP, web and network proxies, URL content filtering, multi-factor authentication, SSL VPN's) and how they work in an overall defense in depth risk assessment methodology
- General understanding of TCP/IP networking and security
- Experience with cloud technologies and architecture is an asset
- Ability to work on multiple tasks simultaneously
- Excellent verbal and written communication skills
- Strong organizational skills and attention to detail
- Ability to work well in a fast-paced environment
Vacancy expired!