Principal Security Engineer

Description
Bring your IT career and talents to CDW, where you can have a greater impact, be inspired by our mission and excited about your career and future. A Fortune 200 leader, we're the driven professionals and technology experts companies turn to most to solve their IT challenges. Join CDW and help protect delivery of full stack technology solutions and global services for 250K+ customers- including corporate enterprise, government, education, and healthcare industries. You will be on a team dedicated to collaborative delivery of a new global information security strategy, operating model, and objectives to accelerate CDW's business goals in a secure way. Your role at CDW is of the utmost importance to the company's mission, objectives, and reputation. As the Cyber Security Assurance Lead, you will work with the business to ensure global security controls are in place at the business unit level. Using the unified control framework, you will develop technical controls, a process in which control owners are informed on what evidence to provide, the frequency to provide it and validate the process is working as designed. You will also provide consulting to optimize critical controls, ensuring that the overall attack surface area can be reduced
* What you will do:
* Controls - Understand the unified control framework (rationalizing multiple control sets into one) and have experience in developing technical controls by business units with stakeholders. - Identify, assess, and document security compliance controls, ensuring alignment with regulatory and organizational standards. - Provide guidance to management and business units on control requirements, evidence gathering, and control optimization. Auditing / Assurance / Testing - Establish processes to document and provide evidence in a centralized repository of evidence. - Provide consultative support on audits. - Responsible for conducting control effectiveness assessments on organizational applications, infrastructure, and technologies. - Perform control testing to assess the design and operational effectiveness of security controls, with an emphasis on compliance with applicable frameworks (e.g., NIST, ISO 27001). - Applying a risk-based approach to control testing and compliance assessments, prioritizing based on potential impact and likelihood. -Previous experience performing an evidence-based assessment is required including providing recommendations to required maturity. Risk Management -Assess risks, design controls, and monitor performance to mitigate potential issues and help achieve operational excellence. -Understand how to document and manage risks within business units and roll up thematic risks. Issues Management -Ensure issues management is prioritized within the business and appropriately actioned. General - Work collaboratively with the Security Risk Management team and the Business. - Work on and prioritize multiple, concurrent projects while meeting deadlines in a fast-paced environment.
* What we expect of you:
* - 10+ years of experience in security, understanding controls and implementation of controls - 5+ years of deep control, audit / assurance experience. - Strong background and expertise NIST CSF, ISO27001, SOC2, PCI 4.0 / 3.2 - Familiarity with CMMI maturity model for controls rating - Familiarity with privacy and privacy related controls (NIST Privacy) as well as data protection (NIST 800-53) - Strong analytical and problem-solving skills to identify and resolve complex issues related to Microsoft 365 deployments and configurations. - Strong problem solving and collaboration skills with demonstrated ability to explain complex technical concepts to a variety of audiences for the understanding of all involved. - Strong communication and interpersonal skills, with the ability to clearly explain complex IT controls and compliance issues to non-technical audiences. - Dedication to continuous improvement, security process engineering, and operational excellence. - Certifications such as CISA (Certified Information Systems Auditor) or CRISC (Certified Risk and Information Systems Control), are nice to have.
Who we are:
CDW is a leading technology solutions provider to business, government, education and healthcare organizations across the globe. Our fingerprints can be found on technology in workplaces of more than 250,000 companies; from fresh-faced start-ups to international conglomerates. With the breadth of products and services we offer, there is no request too big or too small.
What you can expect from us: Culture, coworkers, careers.
CDW is not only the People Who Get IT but the People who get People. Our relationships are fueled by our deep expertise and grounded in the CDW Way. Our empowering leadership makes things happen and inspires their teams to do the same. From the teammates beside us to the leaders who guide us, we move forward together. At CDW, you'll work with people who inspire you. People with positive, success-driven attitudes who you will learn from and forge strong relationships with. Bring your best true self- and your best ideas- to CDW. Because diverse perspectives bring forth better problem solving- and better solutions for our customers on a rapidly evolving technology landscape.
Equal Opportunity Employer, including disability and protected veteran status
Benefits overview: [https://cdw.benefit-info.com/](https://cdw.benefit-info.com/)