Description

Title: Cybersecurity Specialist
Location: Remote
Duration: 6 Months

Cybersecurity Specialist
This position assists Compliance and Information Security in providing internal control assessment, auditing and monitoring, and risk management and mitigation. This role will work to identify risk and ensure compliance with industry standards, relevant laws and regulations, and industry best practices. This position also assists in maintaining and developing appropriate policies, procedures, and documentation to maintain compliance with local, state, and federal laws. Reviews and evaluates compliance issues and concerns within the organization. The candidate is also expected to have a strong work ethic, leverage analytical and critical thinking, have the ability to follow instructions, and have strong listening and communication skills.
 

  • Work with a variety of cross-functional teams to ensure compliance with laws, regulations, and policies
  • Support Audit Readiness during external and internal Audit Activities
  • Ensure compliance of business continuity management policies and processes in accordance with applicable regulatory requirements
  • Develop and maintain information security standards, guidelines, and procedures
  • Align with industry guidelines to implement secure design policies and procedures
  • Determine security violations and inefficiencies by conducting periodic reviews
  • Implement and maintain security controls
  • Conduct threat and risk analysis and analyze the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues
  • Assist with incident response as events are escalated, including triage, remediation, and documentation
  • Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements
  • Maintain quality service by following organization standards
  • Contribute to team effort by accomplishing related results as needed
  • Attend regular project and implementation meetings and serve as the security consultant to help guide secure practices
  • Keep up to date with the current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
  • Maintain technical knowledge by attending educational workshops


Required Qualifications

  • Bachelor’s Degree or an Associate's degree and equivalent combination of education and work experience
  • Minimum 4 years of cybersecurity or mobile and embedded software cybersecurity experience with a strong preference for compliance experience
  • Experience in Audit and certification process
  • Demonstrated knowledge of General Computer Controls, including Information Security, Information System Operations, Vendor Management, Business Continuity, Networks, Database, System Software, Hardware, and Application Development controls
  • Strong analytical skills to analyze laws and regulations and translate the security requirements into appropriate security programs, projects, controls, and training
  • Demonstrated excellent oral and written communication skills for interaction with all levels of management and staff including the ability to communicate regulatory requirements, security objectives, policies, and standards in business terms
  • Strong team player with the ability to communicate effectively within cross-functional groups and perform peer reviews of work products and documents
  • Excellent organizational skills and critical attention to detail and deadlines with the ability to handle multiple tasks simultaneously
  • Holds one or more cybersecurity certifications or has completed necessary coursework.
  • Self-motivated, well-organized and able to position controls in anticipation of threats.


Preferred:

  • At least 4 years of cybersecurity experience
  • Minimum two years of experience writing and interpreting information security policies and standards
  • Advanced degree
  • Medical device product security experience
  • Business Continuity & Quality Management
  • Experience with data privacy regulations to include US HIPAA and EU GDPR
  • Audit and Risk Management experience
  • Development process and security process knowledge
  • Experience in threat modeling
  • Experience in risk management
  • Ability to effectively communicate business risk as it relates to cybersecurity
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines
  • Track record of acting with integrity, taking pride in work, ability to respond to constructive criticism in a positive manner, seeking to excel, being curious and adaptable, and communicating effectively
  • Vulnerability and penetration-testing skills
  • Advanced understanding of software development lifecycle (SDLC) and secure design principles
  • Understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model and common security elements
  • Understanding of OWASP, CVSS, and the MITRE ATT&CK framework
  • Understanding of ISO 27001 and NIST cybersecurity frameworks
  • Displays an analytical and problem-solving mindset
  • Is highly organized and efficient
  • Leverages strategic and tactical thinking
  • Works calmly under pressure and with tight deadlines
  • Demonstrates effective decision-making skills

Education

Any Graduate