Information Security Engineer III

The security Analyst is a member of the CISO Regulatory & Compliance Team and will assist in ensuring the associated business units / accounts comply with applicable Conduent and NIS 2 security standards regulations and Security analyst will be professional independent impartial and fair in all interactions.

• The security resource is accountable for procedures and processes that ensure the integrity confidentiality and availability of assigned Business units information applications and infrastructure.
• Resource will perform routine risk assessments security audits and vulnerability scans to identify evaluate document and remediate organization risk control gaps and vulnerabilities.
• This position will be responsible for developing security reports security recommendations and security policies and procedures that are meaningful defensible and actionable for a variety of audiences as pertained to assigned business units.
• Perform log collection correlation reviews archival retention and monitoring of automated alerts for items such as and not limited to:
  • IPS/IDS alerts; change detection (FIM) alerts
  • application firewall alerts; malware alerts
  • rogue wireless network alerts
  • security system health alerts; exploit attempt alerts
• Participate and be an integral component of audit compliance and regulatory functions including and not limited to:
  • audits of system security to ensure compliance with Corporate security framework
  • NIS 2 NIST 800-53 ISO 27001/2 PCI-DSS
  • emerging country state and Federal privacy laws
• Primary POC in a vulnerability management program of the account that includes:
  • external and internal vulnerability scans of applications and systems
  • external and internal penetration tests of applications and systems
  • documentation and remediation of identified vulnerabilities and exploits
  • routinely monitoring various communication avenues for security vulnerabilities and security patches
  • taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
  • making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
• Coordinate with business units operations and technology teams for incident response remediation and improvement
• Acts as the initial point of contact to facilitate the handling of security audits and client requests
• Supports the creation of business continuity/disaster recovery plans to include conducting disaster recovery tests publishing test results and making changes necessary to address deficiencies
• Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units

• CIPP CRISC CISA CISSP CISM ISO or any security/IT audit certification is a plus.
• Minimum of Five (3 to 5) Years of experience in IT Security compliance or Security Auditing is required.
• Knowledge and understanding of security controls across all security domains such as access management encryption vulnerability management authentication authorization network security physical security etc.
• Ability to identify security risks in application system and network architecture data flow and processes or procedures
• Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
• Knowledge of security technologies devices and countermeasures as well as the threats they are designed to counter.
• Experience with developing security reports recommendations policies and procedures that are meaningful defensible and actionable for a variety of audiences.
• Familiarity with more than one framework (NIST 800-series ISO 27000-series PCI DSS and ISO HIPAA HITRUST FISMA FedRAMP other common security control frameworks).
• Experience in PowerPoint Word Excel; experience with Visio and MS Project.
• Communication skills (interpersonal verbal presentation written email). Experience to write report segments and to participate in presentations.
• Familiarity with security workflow and collaboration tools such Nessus Tenable Splunk SharePoint and ServiceNow (Snow) is a plus
• Positive attitude team player self-starter; takes initiative ability to work independently and effectively with all levels of staff and management both internally and externally

• Creating and Maintaining NISTrev5 based SSP and POAM

Familiarity with more than one framework (NIST 800-series ISO 27000-series PCI DSS and ISO HIPAA HITRUST FISMA FedRAMP other common security control frameworks).