Job Description :
Responsibilities
Serve as the subject matter expert on all matters of Enterprise Information Security.
Perform security assessments for IT projects, including but not limited to, reviewing architecture designs, data flow diagrams, and recommending security controls/procedures to mitigate risk.
Work closely with application & infrastructure teams to understand business needs and assist with security architecture, secure coding, and design of Information Technology systems.
Confirm adherence to Company''s Security policy and regulatory requirements such as PCI, PII, HIPAA, and SOX.
Provide guidance to security engineering team when escalations are required.
Understand security policies and procedures and assist in enforcing them.
Required Skills/ Experience:
Bachelor’s degree in computer science, electrical engineering, computer engineering, information technology, or related field.
5 years of experience in the field of Information Security, including 3 years of experience performing security and risk assessments (3rd party vendors & on premises) based on ISO 27002 or NIST 800-53 control frameworks.
Knowledge of SAP information security controls
Experience with designing controls for systems and processes which handle PII to address Privacy and upcoming GDPR requirements.
Ability to think critically when assessing systems/processes/technologies without need of a checklist
Experience with risk identification and recommending compensating controls to mitigate IT risk.