Consultant IT Security & Risk Management

1 Vacancy
The job posting is outdated and position may be filled

Job Location

others - USA

Monthly Salary

Not Disclosed

Job Description

Req ID : 1689324
Responsibilities:
  • Directing outsourced IT Security to execute information security projects and activities.
  • Defining security requirements including security policies, standards, plans, methodologies, and guidelines.
  • Creating and executing project plans to ensure the timely execution of security projects.
  • Reviewing the security of technologies, systems, networks, and applications.
Areas of Responsibility:
IT Security & Risk Management's responsibilities span strategic, tactical, and operational activities, such as:
  • Strategic Support
  • Security Liaison
  • Security Architecture & Engineering Support
  • Operational Support
Strategic Support:
  • Work with the Director to develop an information security program and security projects that address identified risks and business security requirements in alignment with the risk tolerance of the organization.
  • Partner with the Director to develop budget projections based on short- and long-term goals and objectives.
  • Propose changes to existing policies and procedures to ensure the protection of Purdue systems, efficient operations, and regulatory compliance.
  • Work with IT Security, IT, and business stakeholders to build metrics and reports that effectively communicate risks, progress, and areas of opportunity.
  • Assist resource owners and IT staff in understanding and responding to reported security audit failures.
  • Advocate for information security within the organization and ensure that personnel are trained on information security best practices.
  • Review the security of systems, networks, applications, and resources; identify risks; and provide security recommendations.
  • Provide support and guidance for legal and regulatory compliance efforts, including audit support.
  • Keep up-to-date with information security threats, risks, and vulnerabilities.
  • Ensure that vulnerabilities are addressed in line with their criticality and agreed-upon SLAs.
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software.
  • Recommend and coordinate the implementation of technical security controls.
  • Research, evaluate, design, test, recommend, and plan the implementation of technical information security controls and analyze their impact on the existing environment.
  • Direct the administration of security tools and controls.
  • Work with IT to ensure that there is a convergence of business, technical, and security requirements.
  • Proactively identify areas of improvement in technical security architecture and processes.
  • Create, develop, and execute KPIs, metrics, and reports.
  • Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
  • Manage the day-to-day activities of threat and vulnerability management & risk management including the recommended treatment plans, status, and residual risks.
  • Manage security projects and provide expert guidance on security matters.
  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
Requirements:
  • BS / MS / Equivalent Training and 8+ years of relevant experience.
  • Experience managing a small team and outsourced IT personnel.
  • Strong hands-on technical system and network security skills.
  • Experience with information security governance, risk, and compliance.
  • Professional certification, such as CISM or CISSP, is preferred.
IT Security & Risk Management must have the following:
  • Experience reviewing security architecture and defining security requirements.
  • Management skills including experience managing outsourced personnel.
  • Experience developing and maintaining policies, procedures, standards, and guidelines.
  • Experience with common information security management frameworks, such as ISO 27001 and NIST.
  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, SOX, HIPAA, GDPR, and CCPA.
  • Strong project management skills and experience in creating and managing project plans.
  • Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • Ability to communicate with technical and non-technical stakeholders at all levels.
  • Strong written and verbal communication skills.

Employment Type

Full Time

About Company

100 employees