Technical lead for the IT Security Assurance group to ensure accurate and timely completion of proactive, ongoing initiatives to reduce the risk of cyber threats to the business leveraging a solid understanding of the Cyber Security threats faced by the organization. Responsible for partnering with internal and external departments within Information Technology as well as business stakeholders in the organization to proactively identify security deficiencies and emerging risks for all IT and IT Security controls on a continual basis. Also, this role will provide the business with technical guidance to satisfy a variety of regulatory monitoring requirements.
MAJOR DUTIES AND RESPONSIBILITIES
Actively and consistently supports all efforts to simplify and enhance the customer experience.
Analyze, interpret, and present complex security requirements to Executive and IT management, IT staff, peers and non-technical team members to drive understanding, awareness, and adoption of sound security practices.
Develop the automation and tool configuration for all in-depth technical workflows for the team's testing and review in order to provide continuous, ongoing monitoring of all IT systems from a security standpoint.
Conduct in depth testing of business defined controls of IT applications to ensure compliance and effectiveness with PCI, NIST, and SOX requirements. Collaborate with business owners on remediation plan based on assessment reviews.
Develop automated scripts, reporting and automation capabilities to support internal IT Security continuous monitoring program.
Provide recommendations on technical guidance and support a variety of regulatory compliance requirements to the business for the implementation of sound security controls within the corporate ecosystem.
Develop and present root cause and trending analysis reports regarding security and compliance programs to senior leadership with IT Security, business partners, and peer departments to drive awareness and optimize continuous improvement initiatives.
Liaise with IT Operational teams to gain understanding of operational requirements on new project initiatives (implementing new and upgrading business applications, decommissioning systems, etc.) to align with IT Security, Regulatory, and Compliance standards and frameworks.
Partner with technical business stakeholders to successfully mitigate security risk to the business through the continuous security monitoring process and the development and publication of security assurance metrics.
Organize project and communication plans and provide updates to the IT Security and Compliance and IT Operations teams.
Interpret, analyze and maintains IT Security standards, guidelines and regulations and provide recommendations to business partners on process improvement.
Provide guidance on cybersecurity continuous monitoring process and procedures, requirements, and controls to leadership teams in order to understand and collaborate with business owners on remediation plans.
Maintain deep subject matter expertise of current cybersecurity threats in order to respond effectively to assessment and evaluation of security controls and continuous monitoring of existing security controls.
Collaborate with business groups to provide awareness of cybersecurity processes and gain an understanding of their programs to provide security-related assistance where needed.
Research current and pending frameworks, regulations, and industry standards, both current and future, to understand and educate team members, departments, and leadership of requirements in security and compliance requirements.
Update and review department documentation, procedures and program effectiveness as needed.
Perform other duties as assigned.
Coach and mentor team members and make recommendations on complex security requirements and continuous monitoring program, provide professional development (i.e. coding best practices), and process improvement for the department.
Serve as escalation point in absence of leadership for team members and external departments' inquiries.
Research emerging risk and threats to establish a cohesive strategy to present information to IT Security leadership and key business stakeholders.
Collaborate with other team members and leadership teams on projects, issues, and remediation issues.
Perform other duties as assigned.
Required Skills/Abilities and Knowledge
Ability to read, write, speak and understand English
Advanced knowledge of security frameworks such as PCI, SOX, HIPAA, NIST 800-53, Cybersecurity and/or other federal, state and industry areas of compliance.
Advanced knowledge of security system configuration.
Advanced knowledge of File Integrity Monitoring process, Firewall Review process, Data Loss Prevention and Patch Management Methodologies a plus.
Advanced knowledge of OS (operating systems), IP networks, and database and application functionality.
Advanced knowledge of application layers, networking, and system administration in order to interpret data.
Ability to present technical concepts to non-technical audiences.
Ability to communication with all levels of leadership, internal/external departments and peers,
Strong analytical and critical thinking skills to identify patterns or indicators of non-compliance.
Ability to build strong relationships with Senior Leadership, IT Staff and peers as demonstrated through an effective and efficient compliance program.
Strong organization and time management skills.
Ability to manage multiple tasks / projects while ensuring deadlines are met.
Bachelor's degree in BA or BS Management Information Systems, Computer Science, Cybersecurity, and/or business related discipline, or equivalent work experience
Required Related Work Experience and Number of Years
IT Security and/or Corporate Risk Work experience - 6+
Information Assurance, Risk, and Cybersecurity Program governance - 2+
One of the following or equivalent certifications required or in the process of obtaining:
CISSP - Certified Information Systems Security Professional
CISM - Certified Information Security Technologist
CISA - Certified Information Systems Auditor
Python 2.0 or 3.0
Tableau Data Visualization
MS Office Excel
Preferred Related Work Experience and Number of Years
Experience working with File Integrity Monitoring Tool/Compliance and Security Automation Standards - 1+
Travel up to 10% required
ISE322 313206-3 313206BR