Job Description:
6 months with STRONG probability of extension for a qualified candidate.

Key Responsibilities Include:
Provide technical leadership and partner with architecture, data, application and infrastructure areas to interpret security standards and derive appropriate solutions to manage risk and maintain compliance.
Identify and support the remediation of security vulnerabilities in applications, databases, middleware, operating systems, and networks. Execute a variety of methods to identify vulnerabilities, including but not limited to scanning tools, automation tools, and data analysis.
Partner with delivery teams across IT to ensure ideal security configurations for operating systems, networks, databases, middleware, etc., including participation in the development of hardening standards for cloud adoption and the application of secure coding standards to ensure confidentiality of client information and compliance with applicable standards and controls.
Define the appropriate security controls that should be implemented into Business as Usual activities and provide security consulting services to IT teams to ensure controls are appropriately implemented.
Drive continuous improvement in the vulnerability management process by preventing vulnerabilities from being deployed to production; examples include reviewing tools and processes such as configuration management, change management, and patch management; providing input into standards and policies; and performing retrospectives.
Keep current with industry trends and enterprise initiatives, to ensure that our Information Security program capabilities evolve with emerging threats, new technology capabilities, and business needs.

Required Skills and Experience:
5-7 years of experience in Information Security focusing on security solution design, engineering, implementation and assurance.
3-5 years of experience defining and managing the implementation of controls to address access security and IT control requirements.
3-5 years of experience working with Information Security and IT general controls, including experience defining and documenting controls using COBIT 4.1 or 5.0, the NIST Cybersecurity Framework, the ISO 27k framework, the SANS 20 critical controls or similar experience.
Deep understanding of Information Security technologies including firewalls, IDS/IPS, Password Vaults, CASBs, SIEM, IT GRC, DLP, etc.
Strong people leadership skills and ability to influence without direct authority.
Understanding of the regulatory environment and experience with regulators.
Strong written and verbal communication.
Comfort delivering tasks and assignments in an evolving and maturing environment.

Preferred Skills and Experience:
Application security experience and corresponding technologies (e.g. Jenkins)
Experience with the FFIEC Cyber Security Assessment Tool.
Applicable certifications (e.g. CISSP, CISA, CISM, CGEIT, CRISC)
             
