Info Security Gov & Risk Specialist

Job Title : Info Security Gov & Risk Specialist (Hybrid)

Location : Charlotte, Denver, or Iselin

Job Overview :

Defines, enhances, and implements information security configuration controls, while ensuring consistent and effective information security administration procedures and processes.

Key Responsibilities and Duties :

• Review industry configuration safeguards and monitor compliance for infrastructure assets : databases, workstations, network, middleware, servers, cloud services, and mobile
• Partners with multiple business stakeholders to drive work and monitor through completion
• Analyze internal information security controls and convert control criteria and their severity into functional compliance scanning results
• Create and support program governance documentation such as standard operating procedures, control assessments and training materials
• Monitor industry security updates, technologies and best practices to improve security management
• Generate metrics and reports in assigned functional business area to inform decisions on tactical issues that impact the business
• Perform QA / QC activities to drive configuration management program maturity
• Support remediation efforts through gap identification and action plan creation to operationalize scan results
• Participates in various tool testing and validation efforts for on-prem and cloud scanning

Required Qualifications :

• Bachelor’s degree in IT or Cybersecurity
• Experience with developing, customizing, reviewing and updating a wide range of enterprise security configuration baselines, with input from subject matter experts
• Experience interpreting and applying CIS Benchmarks, DISA STIGs, SRGs, and has an awareness of the National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)
• year of direct experience working with teams in an agile and horizontal environment
• Experience with remediation activities within Cybersecurity
• Ability to translate the low-level security baseline requirements into security baselines
• Ability to work independently to anticipate needs, support a changing landscape and willingness to act with minimal supervision

Preferred Qualifications :

• Knowledge and understanding of technology operations / processes, as well as experience with evaluating technology-related risks and controls
• Experience in working with the NIST Special Publication series and providing guidance for risk management and security control implementation, including - and others.
• Experience with one or more of the following technologies : Networking (including CISCO or Palo Alto); Operating Systems (including Windows Server, RedHat, or Linux);

Cloud Services (including GCP, AWS, and Azure)

• Ability to apply a technical skill set to research and document industry knowledge and best practices with established or newly released applicable security controls
• Written and verbal communication skills : articulate and effective communicator and presenter, able to describe complex problems in both technical and business terms
• Demonstrated experience learning new technologies
• Experience with an Agile methodology
• Knowledge of ServiceNow and Archer
30+ days ago