Information Security Risk Management Specialist

Harris is a leading provider of financial management and Customer Information Systems (CIS) software solutions; providing feature-rich and robust turnkey solutions to Public Sector, Schools, Utility, and Healthcare agencies throughout North America.

We are a financially strong, growing and stable company guided by our values to do the right thing when it comes to our customers, our employees, and our local communities.

At Harris, we offer employees the opportunity to learn and have fun, while empowering them to make a difference and directly contribute to the success of the organization! The Harris Corporate IT Team is seeking an Information Security Risk Management Specialist who will participate in evaluating, developing, and implementing security tools, standards, procedures, and guidelines for multiple platforms in diverse systems environments as needed.

As the Information Security Risk Management Specialist, you will utilize your wide area of expertise in risk management, security frameworks, regulatory compliance, cybersecurity, vulnerability management, disaster recovery and business continuity planning, incident management, and other areas to provide security support for the Harris group of companies.

You will analyze, montior, track, and report behaviors and tasks logged by assets (ie, applications, systems, networks) in the form of incidents to ensure Harris’ network and systems are protected from any potential leaks of information or malicious activities.

Routine tasks include analyzing and correlating event logs to help identify normal versus malicious activity in the network / domain and proactively monitoring cybersecurity and information technology infrastructure, including hardware, software, networks, applications and services.

This position will communicate with the Corporate IT team, customer’s IT representatives, Managed Security Services and other appropriate areas, as deemed necessary.

What you'll do

Perform risk and security assessments of applications, databases, and servers and supporting network technologies, such as routers, switches, access points, to identify, evaluate, and prioritize risks.

Responsible for security controls, processes and architecture consultation, design and monitoring.

Responsible for overall access control risk management including but not limited to auditing current access controls to identify potential risks, making recommendations for improvement in security and tracking remediation.

Responsible for conducting risk assessments against various regulatory compliance such as HIPAA, PCI, etc. and industry recognized security frameworks.

Develop and execute corrective action and remediation plans for identified issues, risks or vulnerabilities.

Analyze and assess security incidents and escalate incidents by following incident plan.

Develop and maintain standard practices and procedures for appropriate response to identified threats.

Monitor activities and events to detect, classify and act upon anomalous behavior appropriately in a timely manner.

Assess potential risks and vulnerabilities to develop baselines and assist with response to deviations.

Work with IT teams to solve information security system problems and issues in a timely and accurate manner.

Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.

Participate in annual security audits, incident response exercises, security reporting, audit and compliance support.

Work with the information security team to provide security incident escalation support and remediate security issues.

Perform reviews and assessments of security controls before hardware / software is migrated to production.

Work with business units to ensure vendors are reviewed through the vendor risk management process and are in compliance with applicable regulations and standards.

Develop and maintain risk registers and other risk management documentation.

Monitor and report on the effectiveness of risk mitigation strategies and plans.

Support the development and testing of disaster recovery and business continuity plans.

Oversee security awareness program, including phishing campaigns, periodic training and tracking compliance.

Qualifications

Minimum of 5 years of experience in IT security risk management, a security operations center and / or system administration role.

3 years of experience assessing security controls and processes, vulnerabilities, regulatory and legal changes, and security standards that may impact the security of systems or data.

Hands on experience managing security and governance, risk and compliance tools.

Ability to write security requirements and design documents.

Experience in access control and identity management for on premise and cloud environments.

Bachelor’s degree in Computer Science, Information Systems, Network Security Engineering or related major or equivalent work experience.

CISSP, CRISC, CISA or equivalent certifications would be considered an asset.