Roles & Responsibilities:
- Conduct follow-up on both open and past due actions on security control implementations on a regular basis
- Understand client needs to develop project plans, resource plans, establish reporting and metrics and provide the clients and leaders with regular project updates.
- Ensure that the project team is utilized appropriately and consistently with a strong focus on process/tool automations and innovations.
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
- Develop event response documentation and processes, including diagrams for system environments, cloud operations, and security tools
- Collaborate with security leadership, engineering, and compliance to execute security strategies
- Assist other teams in solving security issues in a manner that complies with business requirements and best practices
- Assess our current cloud security and propose improvements or solutions
- Review our architecture and design through a security lens to provide actionable, timely requirements and recommendations
- Serve as a subject matter expert for security tools, applications, and processes
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and the auditing process;
- Evaluate, update, and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Interact positively with staff, the Board, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Comprehend technical language and confer, analyze, and write in an objective, lucid manner;
- Work independently, prioritize multiple tasks, and adapt to needed changes;
- Remain calm under high pressure/difficult situations.
Key words:
- Cloud Security Posture Management
- Cloud Compliance, Palo Alto Prisma, Bitsight
- Information Security Management System (ISMS)
- Security Framework: ISO27001, NIST, SOX, SOC1 & SOC2, ITGC
Technical/Functional Skills
MUST HAVE SKILLS
- Experience in core IT Risk, Compliance, and security projects.
- Broad understanding of cyber security concepts and risks.
- Experience in assessing audit findings and gaps, including control weaknesses, in coordination with different stakeholders, and assisting with the development of management action plans.
- In-depth understanding of security classification, change controls, SDLC, security controls, and application controls, including interfaces and configurations on a variety of applications, operating systems, databases, and networks.
- Hands-on experience in Internal and External Audit.
- Control Testing and Risk Management