Job Description:
7+ years direct experience with information security principles and operations
5+ years direct experience conducting information security risk assessments
Advanced understanding of standard security control frameworks, including NIST Cybersecurity Framework, NIST 800-53, and ISO 27001/2
Advanced understanding of HIPAA regulatory specifications and compliance requirements
Advanced understanding of standard risk assessment and risk management frameworks, including NIST 800-30, 800-37, and 800-39
Advanced understanding of IT security domains, including access control; application development security; business continuity and disaster recovery planning; cryptography; information security governance and risk management; legal regulations, investigations and compliance; operations security; and physical and environmental security
Ability to advise and influence IT system architects, technical project teams, and high-level business managers
Strong understanding of risk management concepts, metrics, and reporting methodologies
Experience with governance, risk, and compliance (GRC) tools
Experience with business process improvement practices
Utilization of a structured change-management and request tracking environment
Understanding of business processes surrounding security and IT technical implementations
Participation in new system deployments, upgrades, and system and software installations
System and network diagnostics
Demonstrated ability to learn new technologies with minimal support and guidance
Strong ethical foundation for business practices and promotion of workplace integrity
Self-driven education to stay abreast of security developments and threats
Team oriented; active participant in team and project meetings
Diligent notification of management and co-workers of ongoing activities and possible security exposures
Solutions-driven, vendor-neutral technology outlook
Priority-driven time management for diverse projects across multiple customers and environments
Independent thinker; must be able to prioritize work and plan future activities
Detail-focused, adherent to procedures
Strong communication skills, both written and oral, with ability to interact effectively at all levels of responsibility and authority
Demonstrable aptitude for careers in IT security