GRC Information Security Business Partner
Location: Englewood, Colorado
Client has an exciting opportunity for an Information Security Business Partner (ISBP) at our client location in Meridian, CO. The ISBP is a key part of our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time, permanent, and salaried with standard work hours, has no supervisory duties, and requires very little travel. We are looking for someone who can start immediately.
The Information Security Business Partner will function as a central Information Security subject matter expert supporting the teams. They will provide cyber security advice to business partners to effectively manage risk to the business and will validate that security and technology controls are implemented to support business and security requirements.
Primary responsibilities of the Information Security Business.
Partner includes the following:
- Partner with Business Units to identify, analyze and mitigate security risk associated with activities executed throughout the business.
- Provide security consultation for new and ongoing enterprise initiatives.
- Consult on defining security policies and best practices.
- Educate and build awareness of security requirements.
- Improve compliance with security standards and policies across enterprise teams.
- Participate in testing and monitoring of security and privacy controls executed by client.
- Lead security enhancement projects focused on new or changing technologies.
- Publish executive-level security reporting across governance, risk, and compliance activities.
The successful candidate will possess the following qualifications:
Competencies:
- Project Management
- Self-led Learner
- Customer First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Presentation Skills
- Multitasking
- General Risk Management Foundation
- General Information Security Foundation
- Communication w Executives
- Team Mentorship
- Can Interpret Regulations and Compliance Requirements
- Thought Leadership
- General Security Control Framework Foundation
- Cross-functional Team Leadership
Personality:
- Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
Skills:
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
- High-level interpersonal skills.
Education and Experience:
- Bachelors Degree and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- The following experience is strongly preferred;
- Implementation of various security tools.
- Network security configuration background (firewalls, WAFs).
- OWASP top 10 experience.
- NIST, FedRamp, CMMC, HiTrust, Scada experience.
- Identification and automation of processes.
- Program governance and management experience.
- CISSP Certificaion strong plus
Other Qualifications:
- Professional certification (CISA, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.