Plan and carry out information security risk assessments on assigned projects and make recommendations to address risk scenarios. Liaise and attend meetings with ITM and Line of Business teams that are implementing projects with relevance to information assets. Monitor information security events, vulnerabilities and support management reporting. Support the Daimler Internal Control System (Sarbanes-Oxley)IT controls. Use research and technical writing skills to develop policies, standards, procedures and status updates. Assess the security of IT Systems such as web-applications and monitor action plans to address identified vulnerabilities. Assess offshore providers of IT and business services and monitor action plans to address identified risks or compliance gaps. Develop education and awareness materials on Information Security topics for presentation to employees. Experience required includes: information security architecture, firewalls, intrusion detections, PKI, IPSec, VPN, data encryption, risk assessment and mitigation, contingency planning, and secure application coding.
Required
• 5 years of Information Technology experience – 3 of which should be in a CyberSecurity or IT Security related role (preferably Governance, Risk & Compliance).
• Experience in Risk Management including Risk Monitoring & Reporting and Risk Quantification.
• Excellent oral, communication, and technical writing skills.
• Knowledge of Information Security Frameworks such as NIST,ISO 27001 and ISO 27005.
• Experienced with Microsoft Office including Word, Excel, PowerPoint and Outlook.
• Motivation to develop career in the Cybersecurity field.
• Experience conducting CyberSecurity Compliance reviews or Spot Checks
Preferred
• Experience working as an Information Security professional with a Financial Institution.
• Information Security certification, especially CISSP, CCSP, CGRC, CISA, CISM and/or CRISC.
• Knowledge of US Regulations (i.e. – NYCRR 500, GLBA, etc.).
• Experience managing a Compliance Management System.
• Experience using JIRA – especially in an administrative capacity.
• Knowledge of governance in cloud environments.
• Third Party Risk Management.
• Experience with Audit Procedures.