Evaluate and recommend controls to mitigate information technology, security, and privacy risk. Map internal controls to appropriate established industry standards.
Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
Understand complex business and information technology management processes.
Assess application layer security controls to ascertain whether they comply with policies.
Maintain and manage information security-related applications.
Monitor, triage and address cybersecurity alerts reported by information security systems.
Proactively identify risks and active threats to the organization, IT systems, and applications.
Tune cybersecurity incident detection systems to provide effective security for the organization.
Perform incident response tasks including evidence preservation and other incident response actions to contain threats within the environment.
Harden endpoints and applications to reduce risk.
Perform vulnerability scans and testing, publish remediation instructions, and track resolution.
Evaluate and make recommendations to management to continuously improve cybersecurity posture.
Work closely with management to prioritize business goals and information security needs.
Automate manual system processes related to remediation and other tasks.
Draft new and maintain existing IT Security processes, procedures, and documentation.
Escalate support incidents and requests, as required, to internal staff and/or external managed service providers.
Work with both internal resources and outside vendors in accomplishing operating objectives.
Participate in knowledge sharing and cross training.
Participate in regulatory and compliance audit activities.
May be assigned other functional duties specific to the individual needs of the department.
Perform any other duties as required or assigned.
Bachelor's degree in Information Security, Management Information Systems or related technical field.
Minimum of 3 years of experience in the information security field.
Experience with Governance, Risk and Compliance.
Hands-on experience with managing external compliance assessments such as SOC 1/2, GLBA, and PCI-DSS.
Experience with and knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, authentication methods, and identity and access management.
Technical proficiency with security-related systems and applications, especially Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data protection mechanisms (such as FIM and DLP).
Proficiency in IT Systems and understanding of Networking and Computer Information Systems.
Demonstrates accountability, leadership, and initiative in complex projects, and other tasks as assigned.
Excellent communication skills and experience effectively communicating with technical and non-technical audiences across in-person and remote offices.
Well-organized and capable of tracking, managing, and resolving issues on multiple projects simultaneously.
Strong time and project management skills required.
Ability to work effectively independently.
Proficiency in and knowledge of servant leadership, facilitation, situational awareness, conflict resolution, continual improvement, empowerment, and increasing transparency.
ADDITIONAL REQUIREMENTS
Ability to lift heavy equipment on occasion.
Some night and weekend work is required as necessary.