Information Security Lead Jobs

Specific Qualifications or Experience Required:

5+ years experience with Information Security

5+ years experience in NIST CSF assessments

2+ years experience in the healthcare industry

Well-developed business writing and oral communication skills with the ability to document work appropriately; pays close attention to detail

Understanding of systems analysis and design, related tools and techniques and continuous quality improvement

Experience with common information security management frameworks, such as ISO 2700x, COBIT, or NIST

Strong management and team-building skills

Problem-solving, negotiation and decision-making skills to influence management, as well as internal and external partners

Implement a security framework to manage technological risk management

Implement a security framework to manage technological risk management including TRA/PIA assessments during project delivery cycle

Works with IS management team and 3rd party PaaS, SaaS and IaaS vendors

- Experience working within risk management and audit

- 3-5+ years of experience working within a technical security background

- Strong communication skills and has the ability to work cross-functionally

- Knowledge of security cloud-based environments such as AWS and Microsoft Azure

- Has worked within compliance previously and understands the foundations of security

- Completed documentation regarding security compliance and protocols

Experience relevant to information security systems and implementation and the demonstrated ability to learn technically complex environments.

Demonstrated solid communication (verbal and written), negotiation and presentation skills.

Experience in a complex, multi-platform IT environment.

Demonstrated leadership and advocacy skills.

Experience involving engagements with senior leaders and decision-makers.

Experience in a post­secondary or public-sector environment.

Significant experience in a team management and development role;

In-depth knowledge and understanding of information security management frameworks, standards and best practices (ISO 27001, NIST, COBIT, ITIL, etc.);

As the owner of the security risk management framework, oversee its evolution, application and compliance;

Coordinate, plan and execute the security assurance program, including security testing, tabletop exercises, configuration management, compliance monitoring, etc.;

Represent Information Security on working groups for various initiatives or activities to ensure communication of and compliance with information security requirements;

In-depth knowledge and understanding of application, cloud and systems security, and proficiency in applicable security solutions;

Demonstrated project management, organization, communication, and presentation skills

Experience with the SOC-2 certification process, for type 1 or type 2 documents

Demonstrated experience and skills in collaboration, teamwork, and problem-solving

4-8 years of experience in a compliance (or similar) role

Experience with a sub-processor listing within the GDPR context

Experience with regulatory framework/law/bodies such as GLBA, FS-ISAC, FSR, NIST, etc

3+ years experience in IT Security and Application technology management and support

Strong skills in report writing and project management.

In depth knowledge of IT Security principles, protocols, practices and industry standards

Experience performing risk assessments of cloud (SaaS) based technologies.

Experience with Amazon Web Services (AWS) is preferred.

Supports a balanced approach for security controls and support of governance practices.

• Strong leadership, negotiation, and conflict management skills

• Maintain organizations Security Risk Register for effective risk management and operational compliance functions.

• Manage the Security organization, hiring, managing and staffing requirements in line with project objectives

o Security Incident and Event Management (SIEM)

o Privileged Access Management (PAM)

CERTIFICATIONS, LICENSES, REGISTRATIONS, SPECIAL SKILLS

Experience performing risk assessment and management, developing mitigation strategies.

Experience working in the telecommunications industry, with knowledge of network security and operations

Maintain the organizations compliance with the security requirements of Bell customers Contract Security Program.

Develop and implement safeguards and metrics in collaboration with operational and business teams to support client security requirements.

Review and maintain IT system security controls to ensure compliance with industry standards, contract requirements and clauses.

Experience in information security and an understanding of the concepts and principles of information handling and protection.

A management team focused on performance, growth, engagement and connection

Set the vision for our security roadmap and evolve and expand our existing security practices to meet or exceed market requirements.

Experienced with leading Application Security, DevOps, or Cloud Security functions

Experienced with cloud computing technologies, managing cloud infrastructure as code, and with security commitments to customers and partners.

Highly experienced in developing information security policies and procedures, as well as successfully executing programs

Skilled at communicating security and risk-related concepts to technical and non-technical audiences

Strong technical/computer skills and familiarity with educational technologies are required

Related industry work experience, previous college teaching experience and knowledge of curriculum design and student evaluations are assets

Combination of excellent leadership and teaching skills with a strong commitment to academic excellence and student success

Teaching experience with hybrid and/or online delivery preferred

Desired certifications may include ITIL Foundations, CISSP , Audit, Microsoft, and VMware

Teach undergraduate and graduate courses

Exceptional stakeholder management skills and experience building consensus in a highly diverse environment

Demonstrated knowledge of risk management frameworks and vulnerability management

Experience with core information security technologies and platforms including data loss protection, security incident and event management, vulnerability management, etc.

Actively identifies personal training and development needs, and proactively contributes to maintaining up to date knowledge, skills and abilities.

Security incident response and crisis management

Manage the information security posture of Dye & Durham through targeted investments and appropriate application of people, technology and processes.

Strong problem-solving and analytical skills

Excellent verbal and communication skills

Basic networking / security knowledge

Review security logs from all systems. Correlate and identify intrusions or areas of risk

Conduct vulnerability and penetration tests against defined infrastructure to identify weakness

Identify compromised systems on the network and assist with containment and mitigation

Familiarity with information security documentation requirements, certification and accreditation processes, and general reporting requirements for ISO 27001 industry security standard

Support in the development of Avidbots Information security policies, procedures, and standards to meet compliance responsibilities.

Provide information security subject matter expertise as required in support of product development requirements.

Working knowledge of system and network security engineering best practices

Professional certification in Information Security (CISSP, SSCP, CCSP)

Strong analytical skills with the ability to problem solve complex information security issues

SOC/NOC experience desired. Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS.

Strong organization and time-management skills

Work with different teams including network operations and R&D to protect management information system and FortiGuard infrastructure.

Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, etc.) and regulatory frameworks (HIPAA, GDPR, etc.)

3+ years of experience in information security analyst/penetration tester role.

Hands-on experience on FortiSIEM, FortiSOAR, and FortiAnalyzer is desirable.

Manage, measure, and audit the Managed Security Services vendor to established contractual and compliance requirements for security monitoring

Collect, generate, monitor and analyze IT operations security metrics to measure the effectiveness of the IT security management processes

Serve as internal technical point of contact with external managed security monitoring service in incident handling response for information security incidents

Manage, conduct and optimize vulnerability scans on IT infrastructure and systems

Strong leadership and organizational skills, proven by on-time, on-budget delivery of complex, multidisciplinary projects

Knowledge of security, privacy and IT governance frameworks and legislation, such as NIST 800-53, ISO27001, PCI-DSS, privacy legislation.

Proven ability to work with competing resources, budget limitations, and strong conflict management and problem-solving skills.

Process/Project Management: skilled at figuring out and managing the processes and timelines necessary to get work accomplished

Manage reporting staff, including selection, coaching, mentoring, development, performance management and all other people-management practices, including DE&I.

Manage Hootsuite’s various application security testing processes, including internal and external pen-tests, code scans, architectural reviews and vulnerability management.

Manage day-to-day operations of our Security Incident Response team, on-call schedule and relationship with our Managed Security Service Provider (MSSP)

Manage SecDevOps aspects of our production and IT infrastructure in coordination with the cloud operations, R&D and IT teams.

Demonstrated organizational, project management and documentation skills

Prepare metrics and reports for management on the status of GRC objectives

Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.

Experience in a remote-first and distributed environment

Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested

Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms