Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
25/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
AWS Cloud based performance testing Chicago - Hybrid 3 days on site. - Long term contract role C2C or W2 Must be AWS certified heavy cloud experience setting up and maintenance of a cloud-based performance system to automate and troubleshoot environmental issues. Performance testing, automation testings, financial experience strongly preferred. python Scripting: converting Java to python. Don't have to be application developers and as much. Devops and containerization as possible splunk confluence Jira API testing uc4 or similar. All about cloud testing system they are migrating from an old system to a new system kafka is a HUGE plus WORK TO BE PERFORMED: Performance Testing with open-source tools like JMeter, Gatling. Perl Scripting, PowerShell Scripting, solid Python Scripting and Java. Setting up of parallel testing environments that will be used to compare existing system business processes and data to a new cloud-based system/platform. Goal is to ensure that new system is producing correct results and performing as expected before it can become the official system of record. The ability to take raw data, mask it and create algorithms and solutions that increase the data load that will feed into our new Clearing System and with no issues, duplicates or any other data issues that will cause it to be rejected. Assist in the set up and maintenance of cloud-based performance and functional test environments in the Cloud (AWS) and define the steps to automate the process for continuous testing and iterations of cycles. SKILL AND EXPERIENCE REQUIRED: Python Scripting - familiarity with creating modules that multiply transactional data and other data multiplier strategies that will be used in test cycles of the Real Time Clearing System SDET automation testing skills/QA automation engineering Experience with Performance Engineering concepts and methodologies as well as cloud technologies and migrations using public cloud vendor. Solid utility building with Python, Perl and Powershell. Test automation using CI/CD concepts. AWS Certified SysOps Administrator or Certified Developer (required) Languages Technologies: Java, Kafka, Docker, Kubernetes, DB2, CyberArk, Harness, JIRA, Jenkins, Splunk, Confluence, Git, JSON, API Testing, Cucumber, Selenium, Terraform, Ansible, Veracode, Virtualan, UC4, Change Data Capture, Docker, AWS/Google/Azure Cloud, Open API/Swagger, SOAP Web Service(JAX-WS), Restful Web Service (JAX-RS), Apache-CXF, Spring-Core, Spring WS, Spring Transaction, Spring-Integration, JDBC, Shell Scripting, XML, JavaScript, SQL, Python, JMeter, Gatling, Perl, PowerShell. SignalFX, AppDynamics. Software tools and Utilities: Jenkins, Kubernetes, Enterprise Architect (EA), Enterprise Manager-UM, SQL Developer, JConsole, Visual Studio, JMeter, Bitbucket, Git, CVS, SVN, PuTTy, Microsoft Visio, TOAD, SourceTree, JIRA, Confluence, Sonar, Bamboo, Splunk, Automic (UC4), Apache Kafka, LogicMonitor, BMC MainView, Real Time, and Historical monitoring tools on-prem and in the Cloud.Web Servers/App. Servers/Containers Experience; Database Technologies: DB2, PostgreSQL; Operating Systems experience; Methodologies: Agile, Iterative Waterfall
25/06/2024
Project-based
AWS Cloud based performance testing Chicago - Hybrid 3 days on site. - Long term contract role C2C or W2 Must be AWS certified heavy cloud experience setting up and maintenance of a cloud-based performance system to automate and troubleshoot environmental issues. Performance testing, automation testings, financial experience strongly preferred. python Scripting: converting Java to python. Don't have to be application developers and as much. Devops and containerization as possible splunk confluence Jira API testing uc4 or similar. All about cloud testing system they are migrating from an old system to a new system kafka is a HUGE plus WORK TO BE PERFORMED: Performance Testing with open-source tools like JMeter, Gatling. Perl Scripting, PowerShell Scripting, solid Python Scripting and Java. Setting up of parallel testing environments that will be used to compare existing system business processes and data to a new cloud-based system/platform. Goal is to ensure that new system is producing correct results and performing as expected before it can become the official system of record. The ability to take raw data, mask it and create algorithms and solutions that increase the data load that will feed into our new Clearing System and with no issues, duplicates or any other data issues that will cause it to be rejected. Assist in the set up and maintenance of cloud-based performance and functional test environments in the Cloud (AWS) and define the steps to automate the process for continuous testing and iterations of cycles. SKILL AND EXPERIENCE REQUIRED: Python Scripting - familiarity with creating modules that multiply transactional data and other data multiplier strategies that will be used in test cycles of the Real Time Clearing System SDET automation testing skills/QA automation engineering Experience with Performance Engineering concepts and methodologies as well as cloud technologies and migrations using public cloud vendor. Solid utility building with Python, Perl and Powershell. Test automation using CI/CD concepts. AWS Certified SysOps Administrator or Certified Developer (required) Languages Technologies: Java, Kafka, Docker, Kubernetes, DB2, CyberArk, Harness, JIRA, Jenkins, Splunk, Confluence, Git, JSON, API Testing, Cucumber, Selenium, Terraform, Ansible, Veracode, Virtualan, UC4, Change Data Capture, Docker, AWS/Google/Azure Cloud, Open API/Swagger, SOAP Web Service(JAX-WS), Restful Web Service (JAX-RS), Apache-CXF, Spring-Core, Spring WS, Spring Transaction, Spring-Integration, JDBC, Shell Scripting, XML, JavaScript, SQL, Python, JMeter, Gatling, Perl, PowerShell. SignalFX, AppDynamics. Software tools and Utilities: Jenkins, Kubernetes, Enterprise Architect (EA), Enterprise Manager-UM, SQL Developer, JConsole, Visual Studio, JMeter, Bitbucket, Git, CVS, SVN, PuTTy, Microsoft Visio, TOAD, SourceTree, JIRA, Confluence, Sonar, Bamboo, Splunk, Automic (UC4), Apache Kafka, LogicMonitor, BMC MainView, Real Time, and Historical monitoring tools on-prem and in the Cloud.Web Servers/App. Servers/Containers Experience; Database Technologies: DB2, PostgreSQL; Operating Systems experience; Methodologies: Agile, Iterative Waterfall
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
25/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
Contract - UC4 Automation Engineer Rate: Open Location: Chicago, IL Hybrid: 3 days on-site, 2 days remote Qualifications Python Scripting SDET automation testing skills/QA automation engineering Experience with Performance Engineering concepts and methodologies as well as cloud technologies and migrations using public cloud vendor preferably using cloud foundational services like AWS's VPCs, Solid utility building with Python, Perl and Powershell. Test automation using CI/CD concepts. Languages & Technologies: Java, Kafka, Docker, Kubernetes, DB2, CyberArk, Harness, JIRA, Jenkins, Splunk, Confluence, Git, JSON, API Testing, Cucumber, Selenium, Terraform, Ansible, Veracode, Virtualan, UC4, Change Data Capture, Docker, AWS/Google/Azure Cloud, Open API/Swagger, SOAP Web Service(JAX-WS), Restful Web Service (JAX-RS), Apache-CXF, Spring-Core, Spring WS, Spring Transaction, Spring-Integration, JDBC, Shell Scripting, XML, JavaScript, SQL, Python, JMeter, Gatling, Perl, PowerShell. SignalFX, AppDynamics. Software tools and Utilities: Jenkins, Kubernetes, Enterprise Architect (EA), Enterprise Manager-UM, SQL Developer, JConsole, Visual Studio, JMeter, Bitbucket, Git, CVS, SVN, PuTTy, Microsoft Visio, TOAD, SourceTree, JIRA, Confluence, Sonar, Bamboo, Splunk, Automic (UC4), Apache Kafka, LogicMonitor, BMC MainView, Real Time, and Historical monitoring tools on-prem and in the Cloud. Web Servers/App. Servers/Containers Experience; Database Technologies: DB2, PostgreSQL Responsibilities Performance Testing with open-source tools like JMeter, Gatling. Perl Scripting, PowerShell Scripting, solid Python Scripting and Java. Setting up of parallel testing environments that will be used to compare existing system business processes and data to a new cloud-based system/platform. Goal is to ensure that new system is producing correct results and performing as expected before it can become the official system of record. The ability to take raw data, mask it and create algorithms and solutions that increase the data load that will feed into our new Clearing System and with no issues, duplicates or any other data issues that will cause it to be rejected. Assist in the set up and maintenance of cloud-based performance and functional test environments in the Cloud (AWS) and define the steps to automate the process for continuous testing and iterations of cycles.
25/06/2024
Project-based
Contract - UC4 Automation Engineer Rate: Open Location: Chicago, IL Hybrid: 3 days on-site, 2 days remote Qualifications Python Scripting SDET automation testing skills/QA automation engineering Experience with Performance Engineering concepts and methodologies as well as cloud technologies and migrations using public cloud vendor preferably using cloud foundational services like AWS's VPCs, Solid utility building with Python, Perl and Powershell. Test automation using CI/CD concepts. Languages & Technologies: Java, Kafka, Docker, Kubernetes, DB2, CyberArk, Harness, JIRA, Jenkins, Splunk, Confluence, Git, JSON, API Testing, Cucumber, Selenium, Terraform, Ansible, Veracode, Virtualan, UC4, Change Data Capture, Docker, AWS/Google/Azure Cloud, Open API/Swagger, SOAP Web Service(JAX-WS), Restful Web Service (JAX-RS), Apache-CXF, Spring-Core, Spring WS, Spring Transaction, Spring-Integration, JDBC, Shell Scripting, XML, JavaScript, SQL, Python, JMeter, Gatling, Perl, PowerShell. SignalFX, AppDynamics. Software tools and Utilities: Jenkins, Kubernetes, Enterprise Architect (EA), Enterprise Manager-UM, SQL Developer, JConsole, Visual Studio, JMeter, Bitbucket, Git, CVS, SVN, PuTTy, Microsoft Visio, TOAD, SourceTree, JIRA, Confluence, Sonar, Bamboo, Splunk, Automic (UC4), Apache Kafka, LogicMonitor, BMC MainView, Real Time, and Historical monitoring tools on-prem and in the Cloud. Web Servers/App. Servers/Containers Experience; Database Technologies: DB2, PostgreSQL Responsibilities Performance Testing with open-source tools like JMeter, Gatling. Perl Scripting, PowerShell Scripting, solid Python Scripting and Java. Setting up of parallel testing environments that will be used to compare existing system business processes and data to a new cloud-based system/platform. Goal is to ensure that new system is producing correct results and performing as expected before it can become the official system of record. The ability to take raw data, mask it and create algorithms and solutions that increase the data load that will feed into our new Clearing System and with no issues, duplicates or any other data issues that will cause it to be rejected. Assist in the set up and maintenance of cloud-based performance and functional test environments in the Cloud (AWS) and define the steps to automate the process for continuous testing and iterations of cycles.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
24/06/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
19/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate will be responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is highly preferred Seven (7) + years of direct experience (Information Security/Governance) is required. Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Prior IT Security experience in the legal industry experience is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.