Description of Position:
This position is a member of the Information Security team responsible for supporting function. This role works day-to-day, embedded in the function to support management in meeting its security objectives, ensure information policies and standards are followed, and minimize the likelihood and impact of a data breach. The position serves as a focus point for operational security matters, supporting management in the development of corrective actions plans where non-compliance to policies and standards may be identified. This position serves as an internal information security consultant and will be responsible for designing, implementing, supporting and maintaining operational procedures, including targeted awareness activities, in line with information security policies and standards and compliance obligations. This position demands an organized, action-oriented team player with the ability to prioritize daily work and support on multiple initiatives simultaneously; strong communication and customer focus is required and an ability to work at all levels
Tasks and Responsibilities:
- Serves as an internal information security consultant advising on operational control status.
- Develops and maintains an operational information security plan and security calendar.
- Supports the development, implementation, and management of operational standards and procedures to ensure they are aligned with information security policies, standards and compliance obligations.
- Conducts operational audits to ensure compliance with control requirements.
- Provides management and Information Security with regular updates on status of the control environment.
- Conducts operational risk assessments in partnership with the Information Security team, identifying operational risk and collaborating on mitigation strategy with management and Information Security team.
- Develops targeted awareness activities ensuring staff has appropriate training to ensure behaviors to avoid risks to the support environment.
- Promotes importance of security throughout the company and participates in cross-functional security forum.
- Develops and reviews information security related performance objectives for management and staff and Ensures information security is considered in all operational projects.
Recommended skills, abilities, and certifications
- BS/BA degree in Computer Information Systems/Management Information Systems or related discipline or equivalent experience and 2-5 years related work experience in information security governance and/or related functions such as audit and risk management.
- Experience with information security management or quality frameworks desirable such as AT101 SOC 2, ISO, ITIL, CobiT, NIST and /or experience supporting regulatory and compliance programs.
- Experience designing and implementing operational controls within customer facing teams highly desired.
CISA, CISM, CRISC, CISSP, or similar certifications highly desired.