*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
04/07/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
03/07/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
03/07/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
02/07/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
01/07/2024
Full time
*Hybrid, 3 days onsite, 2 days remote* *We are unable to sponsor as this is a permanent Full time role* A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands-on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2-4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc. Responsibilities: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management. Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Analyze and stay current with regulations that impact information security/privacy program. Qualifications Bachelor's degree Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) Four (4) + years of Information Security experience required. Candidates containing hands on technical experience. Four (4) + years of management experience required. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Technologies/Software Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
28/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.