Description

Senior Enterprise Information Security Professional - Cybersecurity Governance

Remote Job |   2022-05-25 11:01:28

Job Code : LOBLOLLY15

Senior Enterprise Information Security Professional - Cybersecurity Governance
Houston, TX (Remote)
12+ month Contract

Under minimal direction, the Senior Enterprise Information Security Professional performs all procedures necessary to ensure the security of information and information systems, and to protect systems from intentional or inadvertent access or destruction.

Job Duties and Responsibilities:
•    Develops, implements, and manages IT Security Policies and the Exception Management Processes
•    Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO’s), project plans, communications and executive presentations to support the overall delivery of IT Security objectives
•    Designs and implements processes and tools to proactively monitor and govern the effectiveness of Cybersecurity controls and services
•    Drives the implementation of the Client's Cybersecurity Policies within Universal Services and across the organization
•    Determines and reports on key metrics for assessing and measuring cybersecurity risk
•    Develops procedures to routinely gather and produce metrics, reports and/or dashboards
•    Develops, manages, and coordinates security risk assessments to include third-party vendors, as required to support governance efforts
•    Conducts periodic assessments and gap analysis related to cybersecurity controls and manages remediation to correct the gaps
•    Participates in the on-going review and management of the Client's Cybersecurity Framework and Cybersecurity Policies to ensure alignment with governance objectives
•    Collaborates with the cybersecurity training team to conduct ad-hoc Cybersecurity training sessions as required to support the success of the program
•    Conducts evaluation of the level of security required and assists in the evaluation and implementation of other new security solutions and technologies as needed
•    Effectively communicates policies, standards, and procedures to stakeholders and articulates governance requirements
•    Works on multiple high complexity projects as a project leader or as the subject matter expert
•    Works on projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments
•    Helps define and monitor policy compliance metrics, determine policy compliance gaps, and recommend/implement changes to improve operations related to governance and compliance
•    Uses Cybersecurity intelligence and understanding of IT systems to influence decisions on policy, exceptions, and system/configuration reviews
•    Facilitates review of Cybersecurity-related documentation, processes, and procedures
•    Establishes reasonable security guidelines and measures to protect data, information and systems
•    Identifies, measures, controls, and minimizes security risks to information systems across a broad range of disciplines including applications, networking, and cloud
•    Coaches and mentors more junior level managerial and technical staff
•    Supports development of remediation plans and proactively tracks progress of remediation efforts to ensure open issues/risks are addressed, and assists in presenting cybersecurity risks and gaps to stakeholders as appropriate
•    Performs other duties as assigned

Requirements:
•    Associate degree or currently pursuing a degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field.
•    Seven (7) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field.
•    Direct experience writing policies, designing, implementing, and operating enterprise cybersecurity governance solutions, tools, and technologies.

OR

•    Bachelor's degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field.
•    Five (5) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field.
•    Direct experience writing policies, designing, implementing, and operating enterprise cybersecurity governance solutions, tools, and technologies.

Knowledge, Skills, and Abilities (KSAs):
•    Experience writing and developing Information Security policies, procedures, guidelines and metrics including Exception Management Processes
•    Experience designing, implementing and executing cybersecurity governance solutions, tools and technologies across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services
•    Ability to build and maintain strong relationships across departments/teams and effectively communicate solution designs to stakeholders and leadership
•    Exceptional leadership, verbal and written communication, and project management skills
•    Ability to confront challenges in a constructive fashion and influence others through consensus building techniques
•    Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel
•    Strong technical writing, research, analysis and analytical/problem solving skills
•    A passion for cybersecurity, self-starter mentality, flexibility and willingness to take on new challenges and ability to thrive in a team environment

Preferences:
•    Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), CompTIA Security+ Certification
•    Experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies and processes
•    Experience participating in Cybersecurity Incident Response Team (CIRT) activities
•    Experience consulting with business and technology partners on general security requirements and best practices

Knowledge, Skill & Abilities (KSAs):
•    A broad understanding of cybersecurity concepts across all domains, applicable security models (e.g. ISO 2700X, NIST and CIS Critical Security Controls) and regulations (e.g. SOX, PCI, HIPAA, CJIS, and Privacy Act)
•    Experience with Governance, Risk & Compliance (GRC) tools
•    Experience with MS Office 365, SharePoint and PowerBI reporting

Education

Any Graduate