Exploring new technologies, being ready to handle any challenge at a moment's notice, mastering consistency in an ever-changing world: that's what it takes to get there.
If that's something you want to be a part of, apply today!
This role requires hands-on experience with security risks and assessment, especially with specific security programs. You must be able to solve challenging security issues at scale and work collaboratively with all stakeholders.
Additionally, you should be comfortable with incomplete requirements and a fast-paced environment.
Send out security assessments to identified vendors and Internal System Owners
Follow up with vendors and Internal System Owners to ensure assessments are completed by the due date outlined
Review vendor security assessments to determine if the security requirements are being met
Review Internal Control assessments to determine if the policy requirements are being met
Follow up with vendors and/or system owners for clarification on assessment responses and for additional information needed to complete the assessment review
Document and triage findings from vendors on security responses
Collaborate with internal stakeholders on assessments, including identification of findings and associated remediation plans.
Consult with internal stakeholders on security standards and best practices to protect the data and systems
Follow up with internal stakeholders and vendors on remediation to ensure security risks are tracked and closed
Escalate issues regarding findings to internal stakeholders for review
5+ years of experience specifically in a security role
1 year of experience in people / team management
With hands-on experience in:
GRC (Governance, Risk and Compliance)
Assessment tools: OneTrust, RSA Archer, Prevalent, ProcessUnity
Risk / Compliance Frameworks: PCI, HIPAA, NIST, SOC2 T2, ISO27001, COBIT
Exceptional verbal and written communication skills necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.
Bachelor's degree in IT Security, Computer Science, or equivalent; or an additional 4 years of relevant IT experience.