Information Security Specialist protecting critical information assets for People Corporation. Collaborating with stakeholders to manage cyber risks and ensure compliance with industry standards.
Responsibilities
Provide expertise to business leaders and technology teams by conducting security risk assessments, identifying potential threats and vulnerabilities, and recommending appropriate compensatory measures to allow risk to be managed to acceptable levels
Collaborate with information security members to develop and align information security policies and standards with evolving business needs and industry standards (e.g. ISO 27001, NIST CSF) and ensure the ongoing currency of same for all participating companies
Recommend security compliance and remediation initiatives for technology, processes, and services (a) to ensure ongoing effectiveness of the information security program, (b) to protect the business from security threats and (c) to ensure compliance with regulatory, key business partner and client requirements
Maintain awareness of security/privacy industry to keep abreast of best practices, trends, technologies, and regulatory requirements in information security
Ensure due care and competitive positioning on security solutions
Research best practices and define/recommend improvements to corporate security infrastructure in support of the security program
Develop and implement security strategy, plans, and budgets, ensuring alignment with business objectives and risk appetite for specific locations/companies
Complete business cases for security solutions with a keen focus on risk assessment practices
Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, and data
Function as the main contact or adviser for local security, as part of the Information Security leadership role, to the IT business partners as well as finance, HR, legal, and other staff as needed
Provide leadership, executive support, and strategic and tactical guidance for the cybersecurity program supporting enterprise security initiatives
Engage actively with partner firms to help each company achieve its objectives by representing the security program and by serving as the main contact for communication in the event of a security incident
Participate in company-, region- and unit-related meetings, conferences and associated industry forums as part of the cybersecurity program
Act as main contact or adviser for company affiliates and partners in their pursuit of aligning to the cyber program and governance structures
Understand the processes, identify and evaluate controls and risks, and suggest controls and risk management strategies so that the company complies with Information Security Policies and Standards
Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units
Identify, document, and address threats and vulnerabilities that may impact the business
Requirements
10+ years’ cybersecurity experience (or information technology infrastructure coupled with cybersecurity), with 5+ years in an operationally focused security practitioner role
Familiar with the cybersecurity acquisition due diligence process to assess the target firm’s status regarding regulatory compliance, security policies, and third-party risk
At least 3 years’ experience working with business leadership and enterprise projects
Familiarity with, and hands-on experience in, IT infrastructure and security technologies (e.g., Firewalls, IPS/IDS, WAF, VPN, SIEM, MXDR, EDR, CASB, SSO, MFA, DLP)
Experience in Cloud Security Operations for environments such as Azure, M365, GCP or AWS
Completion of post-secondary education in Information Technology, Business Administration, Computer Science or a combination of equivalent disciplines
A current senior professional certification relevant to cybersecurity or risk management, such as CISSP, CISM, CRISC or CISA
Other beneficial industry certifications or training include GSEC, CCSP, CySA+ or ITIL
Knowledge of various security best practices, security principles, standards and frameworks (e.g. CIS, ISO 27001, NIST, OWASP)
Benefits
Learn by working alongside our experts
Extended health care and dental benefits
A retirement savings plan with company contributions
A suite of Health & Wellness offerings
Mental Health programs and support for you and your family
Assistance for the completion of industry designations
Cybersecurity Third-Party Risk Management Consultant leading risk assessments and compliance tracking for NIH/HHS systems. Managing third-party risk with a focus on federal cybersecurity mandates.
Entry-Level Network Security Engineer assisting IT security team with firewall implementation and monitoring. Focused on maintaining network integrity in a hybrid work environment.
Cybersecurity Designer executing and proposing process improvements at Bancolombia. Collaborating on cybersecurity functions to enhance client protection and information security.
Microsoft Security Specialist role at Syntax focused on delivering Microsoft security workshops and advisory engagements. Collaborating on technology implementation while ensuring customer security success.
Cybersecurity Specialist developing IT resilience and disaster recovery concepts for a global scale in secure IT services. Collaborating across borders in shaping organizational security standards.
Senior Cybersecurity Scrum Master focusing on release management at AT&T, collaborating across teams and managing production change requests with an Agile mindset.
BISO responsible for planning and executing enterprise-wide information security initiatives at Elsevier. Driving cybersecurity awareness and managing technical risk assessments for organizational improvements.
Develop innovative Cloud architectures on Microsoft Azure platforms. Secure cloud infrastructure and applications against various threats while working in a project team.
Mid-level Asset Security Analyst at Hershey Brasil, responsible for physical security support and management of security services. Will work on compliance and crisis management in São Roque.