Lead IT Security and Compliance engineer 18489 11/3/2023 12:44:00 PM

IT
Contractor - W2

Job Description

The Job… 

  • Risk Assessments & Management: Conduct regular information security risk assessments and assist in the development and updating of the company's risk register.
  • Policy Development & Maintenance: Collaborate with key stakeholders to draft, review, and update security and GRC-related policies and procedures.
  • Incident Response: Participate in incident response planning and execution. Analyze security breaches to identify root cause and recommend corrective actions.
  • Compliance Audits: Assist in the preparation and coordination of internal and external compliance audits. Manage evidence collection. Address findings and coordinate remediation efforts.
  • Security Awareness & Training: Contribute to the design and delivery of security awareness programs for staff.
  • Technical Solutions: Evaluate, recommend, approve, and implement security tools and solutions in line with the company's needs, architecture, and established patterns.
  • Continuous Monitoring: Monitor security access and firewall logs, investigate anomalies, and escalate security incidents.
  • Reporting: Generate regular security and GRC reports for senior management, highlighting trends, risks, and recommendations.
  • Collaboration: Work closely with IT, legal, and other departments to ensure aligned security and compliance efforts.
  • Vendor Management: Assist with vendor security reviews through a security, privacy, and compliance lens.

You… 

  • Bachelor's degree in Information Technology, Computer Science, or a related field.
  • 3-5 years of experience in information security and GRC roles.
  • Relevant certifications are a plus, such as CISSP, CISA, CRISC, or CISM.
  • Must demonstrate initiative and ability to drive results with little oversight.
  • Must demonstrate strong written and verbal communication skills and consistent follow-through in all efforts.
  • Demonstrated knowledge of risk management, including analysis of threats and vulnerabilities, control suitability, corrective actions, and monitoring.
  • Practical experience with risk assessment tools and methodologies.
  • Strong written and verbal communication skills, with a track record of developing and maintaining risk-related policies.
  • Familiarity with global and regional regulations, and ability to translate them into internal policies.
  • Proven ability to respond to and resolve incidents quickly and effectively.
  • Experience with incident analysis, resolution procedures, and related tools.
  • Hands-on experience in conducting and managing compliance audits against standards, frameworks, audit methodologies, and best practices (e.g. NIST, CIS, PCI, HITECH, ISO 27001/2, SOC 1, SOC 2).
  • Experience with design and implementation of risk and security training programs.
  • Proficiency in assessing, selecting, deploying, and managing technologies and solutions.
  • Experience in cloud platforms (e.g. AWS, GCP, Azure).
  • Experience with common security tools and solutions (e.g., SIEM, IDS/IPS, Firewalls, CSPM, SSPM).
  • Track record of generating detailed risk reports that offer valuable insights and actionable recommendations.
  • Analytical mindset and ability to derive meaningful conclusions from complex data sets.
  • Demonstrated collaborative skills with a history of working effectively across diverse teams to ensure a cohesive approach to security, risk management and compliance.
  • Familiar with foundational elements of software development and cloud computing and standard approaches to securing them.
  • Project management skills to drive initiatives from start to finish, managing aspects of design, delivery, and control.
