• Lead the current shift of Security Operation Analysts and Operators
• Responsible for roster management
• Ensure all incidents are correctly triaged and responded to in a timely fashion
• Act as the initial Security representative on Incident Management Bridges
• Oversee and monitor all routine security administration
• Ensure all mission-critical security tools are running correctly
• Documentation creation and review
• Identify areas where tuning and parameter adjustment of security tool solutions are required (i.e., filtering of an event, writing correlation rules)
• Assist with Security deployments and perform any necessary build configurations
• Ensure deployed devices adhere to best practices
• Liaise with BU’s to gather security concerns for custom solutions
• Contributes to project and/or development activities as designated by the Line Manager
• Making recommendations to improve operational effectiveness

Skills: Shift Leadership, Incident Triage, Incident Response, Security Monitoring, Tool Management, Documentation, Configuration Management, Process Improvement

• Maintaining and administering of information security management system according to the ISO27001 standard
• Ensuring that policies and procedures are in place, performing audits and reviews to maintain conformity
• Work independently with internal stakeholders to assess the security control and governance framework of prospective and existing 3rd party technology solutions and cloud service providers
• Take an active role within the Cybersecurity Incident Response team, acting on cybersecurity events reported through Service Desk tickets and SOC, including supporting end users
• Supporting project delivery frameworks and key departments, with activities related to Governance, Risk and Compliance for information security and data protection, including the administration of supplier questionnaires and risk assessments
• Manage, monitor and arrange educational activities to maintain a high level of Cybersecurity and GDPR awareness
• Manage the learning platform, producing detailed guides on policies and procedures and working with the communications team to ensure effective adoption
• Support DPO function in dealing with privacy breaches, queries from data subjects and to communicate with other organizations or customers in relation to Cybersecurity
• Responsible for providing advice on information security-related queries
• Perform analysis of logs/alerts from security tools and identify anomalies
• Complete key partner external DD requests by 3rd parties and perform reviews on 3rd parties and identify security risks
• Update and deliver the security awareness programs including written and verbal presentations
• Carry out initial analysis of security incidents and respond
• Perform line 1 security control checks against applications and systems
• Contribute to monthly and quarterly MI reporting, assist with vulnerability management and Incident response
• Offer advice on InfoSec standards and the cyber control environment from across the business

Skills: Cybersecurity Audits, Security Governance, Risk Assessment, Policy Management, GDPR Compliance, Vendor Security, Incident Response, Awareness Training

• Collaborates with users to identify appropriate security
• Reports feedback from users regarding security needs and challenges
• Maintains records, forms and documentation
• Assists in the preparation of training materials and communications
• Conducts training sessions and shares educational information with users
• Reviews requests for access and authorizes appropriate levels of security based on user needs, guidelines and policy
• Administers all security aspects for users
• Designs and maintains security items such as roles, permission lists, query and report access, component interfaces, and batch process groups
• Provides troubleshooting assistance to users regarding security and access issues
• Partners with users and internal/external staff to monitor, report and manage departmental-level security access within applications or systems
• Participate with other team members in the operation of the data security plan program and implementation of vulnerability and penetration assessments and remediation activities
• Develop project plans and prepare security measurement reports
• Provides work direction and/or supervises staff such as team members, subordinates, contractors, vendors, students, etc.
• Manages projects, ensuring timelines and deliverables are met and meet expectations

Skills: User Collaboration, Security Administration, Access Management, Policy Compliance, Training Delivery, Role Design, Issue Resolution, Project Leadership

• Working with security auditors for various certification programs such as ISO and SOC2, among others, to facilitate successful security audits that lead to industry certifications
• Ensure all required security controls required for several security certification programs including ISO27001, ISO27018, and SOC2 Type II, among others, are designed, operational and mapped to the corporate security control matrix
• Work with cross-functional teams to ensure all security controls are fully operational, with evidence being captured on an ongoing basis
• Work with cross-functional teams and colleagues in the security Governance team to automate as many security control implementations and evidence capture as practicable
• Contribute to Security Risk Management activities including Risk Assessments, Reporting and remediation planning
• Conduct a comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis
• Undertake third-party risk assessments and reporting
• Build awareness and accountability around IT governance, risk, and compliance control functions
• Contribute to developing and enhancing a mature security culture
• Deploying and enhancing a central Governance management tool
• Drive security audits for various security programs, ensuring that auditors are managed and that evidence is provided promptly
• Interacts enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
• Analyze key business processes
• Produce comprehensive risk scenarios that will be implemented by working with and through business leaders and information security risk architecture
• Work with the Data Privacy Team to support the implementation and monitor privacy compliance programs to include Privacy Impact Analysis (PIA)
• Understand the flow of information and how the information is utilized and use that knowledge to support the integrity of the Privacy compliance program

Skills: Security Auditing, Risk Assessment, Compliance Monitoring, Evidence Automation, Governance Tools, Privacy Compliance, Cross-Functional Collaboration, Control Implementation

• Works closely with development teams to ensure that security by design principles are included as base requirements in new development projects
• Communicates information security issues effectively to business managers, users of systems and networks
• Support the continued development of the TNT Express Global Information Security posture, including involvement in integration / strategic initiatives
• Conduct Information Security assessments on complex/high-risk projects to confirm the level of compliance with the defined requirements of the company's information security standards
• Identify and report any non-conformities and opportunities for improvement
• Agree on corrective actions to restore compliance, and identify any preventative actions necessary to avoid future non-compliance
• Conduct investigation, analysis and review following breaches of Information Security controls
• Prepare recommendations for appropriate control improvements, involving other professionals
• Support Global IT colleagues to ensure appropriate Information Security controls are an integral part of all Global IT business solutions, including those provided by third parties
• Manage vulnerabilities proactively via involvement in the development lifecycle and reactively by conducting regular vulnerability testing and leading remediation activities
• Monitor for security and data breaches
• Follow incident response procedures in case of a breach
• Follow up with remediation activities after the fact to close any security gaps

• Monitors and manages cybersecurity tools to protect the organization's technology and digital assets
• Continuously assess the organization's systems, networks, and data to determine what types of security defenses are necessary
• Actively contributes feedback about the secure configuration of information systems
• Contributes to the development and maintenance of the Identity and Access Management (IAM) architecture and standards
• Acts with a sense of urgency when responding to incidents and vulnerabilities
• Actively manages the technology security environment, including evaluating user access provisioning and deprovisioning processes and reporting
• Responds to any security breaches or intrusions that may occur
• Conducts scans and testing to identify any vulnerabilities and manage remediation efforts
• Assists with investigations to determine how security breaches happened
• Reports findings and provides security recommendations to management
• Implements and updates technology processes and procedures that are critical to the organization
• Manage outsourced security-related vendors

Skills: Cybersecurity Monitoring, Threat Assessment, IAM Management, Incident Handling, Vulnerability Scanning, Access Control, Breach Investigation, Vendor Management

• Provide strategic planning and regulatory compliance and conduct cyber incident detection and response
• Provide cybersecurity compliance and vulnerability scanning using Security Technical Implementation Guides (STIGs)
• Assist AFNORTH Information System Security Manager (ISSM) with updating existing artifacts and information assurance (IA) control inputs to document authorized baseline changes
• Provide support to ensure DoD Information Assurance Certification and Accreditation Process (DIACAP) and Risk Management Framework (RMF) documentation, drawings and diagrams are properly updated and maintained
• Support large, complex long-term technology projects involving multiple technologies and vendors with broad implications for the IT architecture
• Support tactical plans for security and detection solutions
• Develops standards and best practices for current and emerging technologies
• Supports project and operational issues and risks, using escalation appropriately
• Stays current with the industry, security standards/best practices and relevant industry trends
• Determines, tracks and monitors key metrics to mitigate risks to PepsiCo and remediates

Skills: Strategic Planning, Regulatory Compliance, Cyber Incident Response, Vulnerability Scanning, RMF Documentation, Security Standards, Risk Mitigation, Metrics Monitoring

• Plan, monitor, and execute application and data security for the BeiGene application
• Work with the IT team to onboard new applications/systems, and make sure they are fulfilling with requirements
• Ensures adherence to BeiGene Information Technology policies, standards and procedures
• Executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company data or systems
• Performs regularly scheduled vulnerability scans and prepares associated reports
• Assists with security risk assessments and vulnerability evaluations
• Coordinates and performs periodic penetration testing to determine vulnerabilities and appropriate controls to prevent, detect or respond to future events
• Determines security violations and inefficiencies through security tests, evaluations and internal audits
• Performs incident response, investigation, analysis, resolution and reporting activities
• Coordinates and delivers security awareness training
• Lead and manage security controls deployment and operation

Skills: Application Security, System Onboarding, Policy Compliance, Threat Prevention, Vulnerability Scanning, Penetration Testing, Incident Management, Security Training

• Champion all things InfoSec and be a subject matter expert
• Recommend security controls for solutions to meet relevant Information Security Policies, Standards and Guidelines, as well as regulatory and other requirements
• Assist in the supplier due diligence process for onboarding new Suppliers/re-certifying/offboarding existing suppliers
• Conduct a technical security review and perform a security risk assessment
• Oversee compliance with InfoSec policies and standards and keep on track
• Scope penetration tests, review and analysis of the info and manage the remediation plan
• Ensure the right technical documentation standards, run books, policies, and standards are in place
• Work with partners and 3rd party suppliers regularly to ensure security controls are in place and working, etc.
• Manage information security and cyber-related events, issues, incidents, etc.
• Recommend changes that will improve every aspect of company security

Skills: Information Security, Control Recommendation, Supplier Due Diligence, Risk Assessment, Compliance Oversight, Penetration Testing, Incident Handling, Security Documentation

• Perform, maintain and improve the current Vendor Privacy and Security Assessment process
• Work with Vendor Risk Management to embed the process in the current Procurement initiatives
• Perform Information Security Vendor Risk Management assessments
• Support the delivery of data protection activities as part of the Global Data Privacy Program
• Support the business in performing Data Protection Impact Assessments
• Provide advice and guidance on data privacy measures based on the outcome of the impact assessments
• Provide advice and guidance regarding the detection, notification, assessment, processing, documentation and reporting of personal data breaches within FedEx
• Perform, maintain and improve the Data Subject Rights process
• Maintain the personal data inventory
• Support the performance of the global Information Security assessment project
• Roll out Information Security standards globally

Skills: Vendor Assessment, Risk Management, Data Protection, Privacy Compliance, Impact Assessment, Breach Response, Data Inventory, Security Standards

• Raising awareness of key information security-related issues and initiatives
• Reviewing and identifying improvements to the Information Security programme
• Identifying external and internal issues that could affect Information Security
• Monitoring and measurement of Technological Vulnerabilities
• Monitoring compliance of EDQ operations with required security standards and Experian’s Global Policies
• Guiding Project Managers and Scrum Masters through the Project Security Assessments (PSA), setting expectations and providing support
• Attending combined Experian Information Security Management System (ISMS) meetings
• Performing ISMS Internal Audits and providing support to Global Internal Audit
• Managing audit findings and the resulting action plans
• Analysing local Incidents, events and trends
• Directing customer information requests to the appropriate parties

Skills: Security Awareness, Program Improvement, Issue Identification, Vulnerability Monitoring, Compliance Oversight, Security Assessment, Internal Auditing, Incident Analysis

• Contribute to and assist in the development of the Information Security Program with a focus on incident management
• Identify vulnerabilities, conduct risk assessments, evaluate, and recommend proportionate controls for Cirrus Logic systems
• Detect, respond, mitigate, and report on cyber threats and incidents
• Coordinate investigation and mitigation activities with internal IT groups
• Monitor and report on general compliance with Cirrus policies and Industry Cybersecurity Frameworks
• Collaborate and serve as a liaison between the security team and internal/external partners for various IT initiatives
• Provide consulting and operational support on projects across various security domain programs
• Ensure that users adhere to policies and are trained on proper procedures to maintain overall data security
• Assist in the development and sharing of knowledge within the security team
• Assist in the completion of information security due diligence processes during the contracting phase with clients and third-party service providers
• Implement, update, audit and improve the business’s ISO 27001 certified Information Security Management System in line with the Information Security Strategy and changes in the security landscape
• Assist in the delivery of information security awareness training to all new and existing staff
• Set up and support the business during penetration testing engagements
• Support the product and development teams to review, document and communicate weaknesses and vulnerabilities
• Leading to remediation and reporting
• Review patching, endpoint, and vulnerability scans such as digest, communicate, and support to remediate the discovered issues
• Assist in Security Incident Response, including evaluating and reporting on business impacts of security incident trends
• Work closely with the DevOps, Technology and Development teams to improve security controls to harden the SDLC and CI/CD pipeline

Skills: Incident Management, Risk Assessment, Threat Response, Compliance Monitoring, Security Consulting, Awareness Training, Penetration Testing, SDLC Security

• Works closely with enterprise architects, IT Operations, and engineering to implement adequate security solutions and controls throughout all IT systems
• Platforms to mitigate identified risks and to meet business objectives and regulatory requirements
• Designs secure IT environments, performs threat and business exposure analyses
• Responds appropriately and effectively to cyberattacks
• Researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors
• Manage theScore Security Operations Center and provide a report
• Conduct Observations and Monitoring for theScore Information Systems
• Provide information regarding security events or any activities that indicate an effort by a threat agent to gain unauthorized access to organizations’ Information Systems
• Manage security incidents throughout their life-cycle
• Conduct cybersecurity and privacy risk assessment and management

Skills: Security Architecture, Risk Mitigation, Threat Analysis, Cyberattack Response, Technology Research, SOC Management, Incident Lifecycle, Risk Management

• Perform and maintain application and supplier information security assessments
• Triage and monitor identified internal and external vulnerabilities
• Maintain the information security risk register and facilitate regular information security meetings
• Assist in the maintenance, administration, and continuous improvement of key information security products and solutions
• Perform a review/audit of information security controls
• Assist technical teams in implementing the necessary information security controls
• Test and evaluate the security controls of solutions used by the business
• Assist in the event of information security incidents
• Operate security tooling and technology stack
• Conduct Incident Response activities including investigating, escalating, testing and threat hunting
• Improve visibility and detection capabilities by tuning detection and monitoring tools
• Respond to security events in coordination with the business and Managed Service Provider
• Assist in maturing the Information Security Program by analyzing controls, policies, and standards against compliance with regulations and organization needs
• Secure laptops, mobile devices, and on-premise and cloud-based applications and services
• Develop and document security documentation and metrics
• Evaluate and recommend emerging security technology

Skills: Security Assessments, Vulnerability Monitoring, Risk Register Management, Control Evaluation, Incident Response, Threat Detection, Tool Administration, Security Documentation

• Develop and maintain an adequate body of policies and procedures
• Contribute to the development of a sound security and risk management culture
• Contribute to the information security control framework by implementing an internal control framework based on best practices
• Investigate and analyse information security risks, alerts and incidents
• Liaise with internal stakeholders to build a mature information security framework, including managing projects, conducting assessments, providing security opinions, validating practices, etc.
• Familiar with IT security products and procedures
• Implement an information protection solution based on the product and procedure
• Monitor networks and systems for security breaches through the use of software that detects intrusions and anomalous system behavior
• React to the incident response, including steps to minimize the impact and then conduct a technical and forensic investigation into how the breach happened and the extent of the damage
• Attend the global information security regular meeting, update the regional status and issue escalation

Skills: Policy Development, Risk Culture, Control Frameworks, Incident Investigation, Stakeholder Engagement, Security Monitoring, Breach Response, Information Protection

• Maintain and enhance the vulnerability testing and remediation process
• Validate alerts generated through security testing and monitoring tools
• Work with business and technical teams to review vulnerabilities, plan a remediation strategy and track items to closure
• Participate in incident triage, analysis, response, and remediation for computer network intrusions
• Monitor and analyze industry and vendor vulnerability alerts
• Assist with gathering and reporting metrics regarding security events, vulnerabilities, and alerts
• Support periodic network and application security penetration testing activities, including scheduling, resources, tool execution, and reporting
• Recommend and drive capability and functionality improvements in critical security tools and their associated processes

Skills: Vulnerability Management, Alert Validation, Remediation Planning, Incident Response, Threat Monitoring, Security Metrics, Penetration Testing, Tool Optimization

• Review relevant documentation on business processes, security architecture, security controls, and associated technical implementations
• Assist in researching subject matter areas and provide insights and analyses
• Monitor and continuously keep abreast with industry trends and best practices in relevant areas of IT security and cyber risk management
• Investigate, document, and report on information security issues and emerging trends
• Perform routine security investigations, prioritize security events, and respond to security threats as per the Incident Response Framework
• Research and provide relevant inputs to technical assessments and contribute to assessment reports
• Review, develop and recommend changes regarding information security procedures
• Conduct reactive and proactive in-depth malware and log analysis to identify cyber threats
• Triaging and escalating alerts from various security systems and appliances
• Assisting with the monthly vulnerability management program
• Ticketing, follow-up, and recommendations

Skills: Security Documentation, Threat Research, Trend Monitoring, Incident Response, Technical Assessment, Malware Analysis, Alert Triage, Vulnerability Program

• Assist with creating and updating system documentation, training materials, policies and procedures
• Work with other groups and technology stakeholders 
• Support the design and implementation of security systems that enable the business to operate effectively and securely
• Collaborate with MSSP teams in monitoring computer networks and systems for security issues
• Review penetration tests, security audits and document any security issues or breaches
• Participate in the implementation of new security solutions, policies, standards, baselines, guidelines, and procedures
• Support the security goals established by HomeEquity Bank and actively work towards upholding those goals
• Conduct risk and vulnerability audits and assessments and participate in investigations, design and execution of risk and vulnerability assessments
• Recommends best practice solutions to technical and business requests
• Working with Auditors to ensure evidence is collected in a timely and accurate manner

Skills: Security Documentation, Stakeholder Collaboration, System Implementation, Network Monitoring, Audit Support, Risk Assessment, Policy Development, Penetration Review

• Provides technical support to ensure the ongoing efficient and reliable operations of related information security systems/ products 
• Continuous monitoring and maintenance of daily audit scripts, Security Information and Event Management (SIEM) alerts, Active Directory Policy creation, web filtering products, security patching processes, 
• Identity and access Management (IAM), risk monitoring, etc.
• Coordinates the implementation of security audits and system vulnerability tests with outside vendors
• Proficient with technology and having the skills to provide support for user, application, and data access issues
• Assists with monitoring and review of IT systems to enforce role-based access rules to ensure appropriate access for students, faculty, and staff
• Assist management with incident reports based on unauthorized access and privacy breaches
• Assists with the discovery of vulnerabilities in TCC information systems using threat hunting tools
• Assists with day-to-day checks for stolen passwords, abused accounts, and potentially unwanted software programs
• Attends the workplace regularly, reports to work punctually and follows a work schedule to keep up with the demands of the worksite
• Completes all required training and professional development sessions sponsored through Tarrant County College (TCC)
• Supports the values of the College such as diversity, teaching excellence, student success, innovation and creativity and service to the College
• Supports the mission, values and 3 goals and 8 principles of the College

Skills: Technical Support, SIEM Monitoring, IAM Administration, Access Control, Vulnerability Testing, Incident Reporting, Threat Hunting, Security Auditing

• Lead risk assessments of processes for policy violation / non-compliance areas, and contribute to information security project reviews
• Lead penetration testing projects
• Design and implement security templates for projects before production deployment
• Participate in security discussions and design reviews for upcoming projects
• Grow from an individual contributor into a security enabler, being the subject matter expert for internal teams
• Assist in reviewing information security policy and improvement process
• Contribute to third-party on-site information security audits
• Support the Security Committee meeting
• Perform information security audits for third-party suppliers and vendors
• Provide support in responding to prospective client RFPs, assessments and client audits
• Manage and optimize the worldwide use of the firewall platform and other firewall products
• Participate in the implementation and management of group security platforms such as endpoint protection, encryption, SIEM and more
• Responsible for continually evaluating the security posture of the cloud environment against internal policy and industry best practices as well as providing remediation guidance for any issues
• Assist, maintain and oversee security posture for infrastructure and applications through regular testing (i.e., penetration testing and vulnerability scanning) and follow up on the remediation actions on the issues identified
• Investigate security gaps and initiate and take ownership of the delivery of remediation activities for all identified issues
• Monitoring and initial response to potentially-malicious or anomalous activity based on event data (log files and data outputs) from a wide range of IT systems components, including IDS/IPS, Firewalls, Web Access Security and DLP systems, and other sources

Skills: Risk Assessment, Penetration Testing, Security Design, Policy Review, Third-Party Audits, Firewall Management, Cloud Security, Threat Monitoring

• Assist the bank in adopting the NIST Privacy and Cyber Security Framework
• Manage and monitor the bank’s FFIEC Cyber Assessment Tool, and recommend enhancements to the program on an annual basis
• Focus efforts on confidentiality, integrity and availability of all bank information
• Enhance the bank’s Vulnerability Management Program
• Understand the bank's technology systems, security controls, business processes, and the teams who directly support them
• Responsible for reviewing the vulnerability scans, remediation tracking and trend reporting
• Planning and testing information technology business resumption plans
• Security log analysis and issue tracking
• Alarm and incident response monitoring
• Perform Info Security risk assessments and SOC reviews for all Technology Vendors
• Ensure the bank has developed and documented compensating controls
• Respond to the auditor and examiner requests for information security documentation
• Develop and enhance employee information security and cybersecurity training plans
• Create a cross-functional/cross-business line Info Security awareness and engagement team
• Serve as a subject-matter expert on information security and compliance-related matters for clients and employees of the bank

Skills: NIST Framework, Cyber Assessment, Vulnerability Management, Risk Assessment, Incident Monitoring, SOC Reviews, Security Training, Compliance Support

• Work across multiple operational and technical disciplines and provide direction and oversight through the product development life cycle
• Be a subject matter expert and facilitate security governance, compliance and architecture conversations with other Security, IT, Operations and Business stakeholders
• Develop security architecture and participate in incident reviews
• Create L3 diagrams for location, type of and number of network policy points to support a zero-trust architecture (ZTA) environment, in conjunction with existing USDA security policies
• Work with security policy point vendors to evaluate new and emerging products that are relevant to maintaining and or enhancing the USDA security model (TIC3)
• Interface directly with internal and external clients/vendors and serve as a primary security and compliance point-of-contact
• Responsible for designing and refining security processes, creating documentation and training material as well as providing training
• Define network security policies, standards and templates using cloud native services for Azure and AWS
• Research and assess new threats, security patches, and alerts, and recommend or implement remedial actions
• Develop and implement the business’s risk-based security program and projects, security awareness training, and technological uplifts to address identified risks and business security requirements
• Provide positive, inclusive, risk-based information security expertise and education across the business
• Ensure that information security is embedded and understood
• Conduct cybersecurity assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice
• Defining and testing threat detection use cases for security tools
• Responsible for maintaining a common set of cybersecurity tools
• Engage in proactive threat-hunting using the various SIEM, mail filtering, web proxy, NGAV/EDR, and other technologies leveraged by the business
• Respond to security detection, events, incidents, and breaches using the business’s Incident Response Plan as a guide
• Manage relationships with internal and external audit and penetration testing groups, providing oversight of audit finding remediation and providing feedback and suggestions on managerial responses to findings

Skills: Security Architecture, Zero-Trust Design, Risk Management, Threat Detection, Compliance Oversight, Cloud Security, Incident Response, Security Governance

• Develop, implement, monitor and enhance data security policies, procedures, and standards
• Manages security events (SIEM, IDS, firewall system logs, etc.), analyzes, troubleshoots, and makes recommendations for containment and eradication of security threats
• Develop security awareness and training programs
• Research, create, develop, and enforce security policies, standards, and procedures
• Ensure the protection of the organization's security and systems as specified by the HITRUST/NIST control framework
• Perform security risk assessments
• Assist with internal and external audits (i.e., HIPAA) and RFP security questionnaires
• Support security tools integrated with DevOps and Application environments
• Work independently to help develop and implement specific information system policy requirements
• Audit roles and responsibilities with the responsibility to remediate identified audit gaps
• Perform ad-hoc threat risk assessment (TRA) on infrastructure and systems as well as cloud-based solutions and facilitate remediation tasks with other operational teams
• Designs and works with vulnerability scanning tools (system vulnerability scans, static/dynamic code scans) and remediates findings with appropriate teams
• Participate in the Security Incident Response Process
• Work independently, engage leadership, and be proactive in advancing Canopy Growth’s security posture
• Develop reporting mechanisms, KPI’s and management report tools and systems
• Provide IT and business resources guidance in interpreting security compliance requirements and performing application and system security assessments

Skills: Policy Development, SIEM Analysis, Security Training, Risk Assessment, Audit Support, DevOps Security, Vulnerability Scanning, Compliance Reporting

• Supports the design, implementation, operation and maintenance of the Information Security Management System (ISMS)
• Supports development and management of security policies, standards, guidelines and procedures
• Support the CISO in approving and managing policy exceptions, security tickets and changes
• Checking compliance against the security directives based on ISO 27001/27002 by monitoring the Sulzer IT landscape
• Supporting development and managing the information security risk assessment and control framework in accordance with the existing standards
• Provides security consulting for projects, network security architecture, network access and monitoring
• Employee education and awareness training
• Work with other executives to prioritize regional or global security initiatives based on appropriate risk management and/or financial methodology
• Oversees IT incident response planning as well as the investigation of IT security breaches
• Assist with disciplinary and legal matters associated with such breaches

Skills: ISMS Management, Policy Governance, ISO Compliance, Risk Frameworks, Security Consulting, Awareness Training, Incident Response, Breach Investigation

• Perform reviews of business applications and infrastructure systems, in addition to participating in various projects throughout the company
• Identify cyber and information security risks
• Create and maintain key security metrics
• Maintain and complete key information security operations processes including attestations, daily checks and other functions
• Assist in the completion of vulnerability and penetration testing as well as in social engineering test engagements
• Implement FMB Security Awareness program elements including training, ongoing reinforcement, and measurement
• Partner with lateral units such as IT, Risk Management, Enterprise Applications, Vendor Management, Legal, Retail and others
• Ensure that Information Security requirements are implemented
• Assist in the preparation and coordination of Information Security IT audits and exams
• Participate as a member and technical lead on the Incident Response team, which entails forensic evidence gathering and analysis

Skills: Security Reviews, Risk Identification, Security Metrics, Operational Checks, Penetration Testing, Awareness Training, Audit Preparation, Forensic Analysis

• Advises and supports the Head of Information Security for the definition of MSF OCBA information security strategy
• Works with MSF P&IT units to identify security requirements and evaluate the IT suppliers
• Assists in the coordination and completion of information security operations documentation
• Works with the Head of Information Security to develop strategies and plans to enforce security requirements and address identified risks
• Reports to the Head of Information Security concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
• Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle
• Works with MSF Projects and IT Office to identify, select and implement technical controls
• Develops security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained
• Advises security administrators on normal and exception-based processing of security authorization requests
• Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments

Skills: Security Strategy, Risk Reporting, Supplier Evaluation, Control Implementation, Project Advisory, Policy Development, Security Documentation, Technology Assessment

• Develops a common set of security tools
• Defines operational parameters for their use and conducts reviews of tool output
• Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls and recommends remedial action
• Defines testing criteria for systems and applications
• Executes risk assessment activities, analyzing the results of audits to produce recommendations of acceptable risk and risk mitigation strategies
• Works with external suppliers, deploying, tuning and running vulnerability-scanning and penetration-testing tools
• Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems
• Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment
• Provides second- and third-level support and analysis during and after a security incident
• Assists security administrators and IT staff in the resolution of reported security incidents
• Participates in security investigations and compliance reviews, as requested by internal or external auditors
• Acts as a liaison between the incident response Team and the incident response committee

Skills: Security Tooling, Control Assessment, Risk Analysis, Penetration Testing, Configuration Standards, Incident Support, Compliance Review, Baseline Development

• Monitors periodically report and security logs for unusual events
• Receives audit findings and manages the collection of responses and remediation plans with owners
• Supports e-discovery processes to include identification, collection, preservation and processing of relevant data
• Maintains an awareness of the information security program
• Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes
• Assists in the development of security architecture and security policies, principles and standards
• Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies
• Researches and assesses new threats and security alerts and recommends remedial actions
• Guides security activities in the system development life cycle (SDLC) and application development efforts
• Participates in organizational projects
• Supports projects and initiatives of the Information Security area, providing proper reporting on status and related issues for the Head of Information Security
• Develops Proofs of Concept (PoCs) for Information Security technical solutions

Skills: Security Monitoring, Compliance Oversight, Data Discovery, Policy Enhancement, Risk Identification, Architecture Design, Threat Evaluation, PoC Development

• Analysis and reporting on a wide variety of security data to provide situational awareness and trends in behaviours
• Assess security reports from internal and external sources
• Conduct security risk assessments across the business, on a wide variety of topics including IT systems and architecture, development processes and IT operations
• Incident response to vulnerabilities found or active security incidents
• Communication of security issues, describing technical and non-technical findings in a way to suits the audience
• Assisting in the resolution of security incidents
• Conducting vulnerability assessments on aspects of the infrastructure
• Supporting the CISO in maintaining ISO27001, setting security strategy and policy
• Working on various initiatives to promote a positive security culture with all staff and key stakeholders
• Contribute to end-to-end security and technology assessments of business products
• Work with technology and business partners across business functions/processes to ensure alignment, understanding and ongoing communication on security controls and information security risk management
• Guide information security processes, controls, and compliance, and information security risk management to key stakeholders
• Partner with the company’s Operational Risk Group on framework enhancement initiatives
• Facilitate improving solutions by working with colleagues across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance objectives
• Document current and desired future state capabilities, incorporating industry-leading technologies that enhance AXP's ability to manage technology risk and protect data
• Create reports and other materials to assist in monitoring the program's effectiveness
• Provide guidance on IT and information security standardized metrics and criteria

Skills: Security Analysis, Risk Assessment, Incident Response, Vulnerability Scanning, Policy Development, Stakeholder Communication, Control Alignment, Metrics Reporting

• Monitor risks by analysing the root cause of issues, impacts to business, and required corrective actions
• Ensure essential procedures are followed, define operating standards and processes, develop procedures and process control manuals
• Verify through testing that essential procedures are followed
• Produce monthly and quarterly reports, interact with reporting, modelling, and technology teams to execute on a wide range of reports and analyses
• Work with the team to deliver systems/technology, analytics, policies, and risk reporting to risk decision-makers across all businesses and regions
• Analyze to support decision-making for key risk/business initiatives
• Ensure reporting processes are well-controlled and documented
• Translates and designs security requirements
• Provides management with risk assessment briefings on products and/or services
• Contributes to the Architecture Committee by advising and delivering Information Security solutions and recommendations
• Collaborate with the Engineering and Project management teams to complete security assessments as part of the release lifecycle

Skills: Root Cause Analysis, Process Development, Risk Reporting, Data Analysis, Security Requirements, Risk Briefings, Security Architecture, Release Assessment

• Partner with internal teams to ensure that controls are in place to alert and monitor risks
• Liaise with external partners, vendors, internal groups and SIEM to evaluate security controls, provide guidance and reduce risk
• Assist the Information Security Officer with documenting controls to satisfy current or prospective client questionnaires
• Provide input and co-manage scoping, expectations (rules of engagement) and remediation for all external and internal penetration testing
• Participate in the daily risk meeting which consists of reviewing all sources of intelligence available (i.e., Secureworks Taegis XDR, Qualys Threat Protection, CISA bulletins, Infragard flash reports, etc.)
• Review all InfoSec alerts generated by the various tools
• Participate in weekly Change Management Meetings
• Perform assessments of proposed application software
• Assist the Information Security Officer in administering education to the staff on select security-related topics
• Provide support to the Information Security Lead in the development and maturation of the Information Security function, standards, and processes
• Coordinate and respond to client Information Security Assessments, including liaising with Legal, Customer and Digital and the People team 
• Develop and maintain collateral and knowledge base of model responses to client Information Security Assessments as security postures evolve
• Perform Privacy Impact Assessments and help to maintain information that supports the approach to privacy
• Coordinate and review supply chain risk assessments and processes, control assessments and risk assessments
• Work collaboratively with colleagues in the wider security teams including Security Architecture and Security Operations
• Help to maintain and improve documented security requirements
• Assist with information security awareness training
• Work collaboratively with other analysts in the Information Security team

Skills: Risk Monitoring, Security Collaboration, Control Documentation, Penetration Testing, Threat Intelligence, Software Assessment, Privacy Evaluation, Awareness Training

• Respond to client information security due diligence questionnaires, as well as bid and tender documents, to support business development
• Provide support for internal and external audits, minimising the impact of audit fieldwork and maximising the relevance and benefit of findings and actions
• Manage information security audit actions to ensure actions identified are managed to completion within the required timescales
• Provide advice, guidance, and support to the firm on information security requirements, and review and report on compliance
• Manage and monitor all current regulatory, legal, business, contractual and data privacy security requirements
• Ensure changes to requirements are identified, assessed and incorporated into the firm's operations
• Work across the Legal and Business Services teams to integrate information security practices and initiatives with firm operational practices
• Regularly review and evaluate policies, processes and procedures to ensure they are effective and drive continuous improvement for information security
• Coordinate and oversee the periodic review of information security policies, processes, procedures and standards
• Develop and deliver information security education, training and awareness programmes
• Maintain the Information Security Risk and Control Register, risk treatment plans and information security improvement programmes
• Ensure changes to information security risks are reported and escalated
• Provide regular governance, risk and compliance reporting utilising key risk and key performance indicators and metrics
• Manage the third-party security assessments, policies, processes and procedures
• Undertake timely third-party security assessments on new and existing suppliers
• Maintain the register and schedule of third-party security assessments and manage third-party responses and track actions
• Maintain current expertise in information security governance, risk and compliance, threats and vulnerabilities, legal and regulatory changes
• Support the implementation and maintenance of the firm's GRC platform, in particular, vendor management

Skills: Due Diligence, Audit Management, Compliance Monitoring, Policy Oversight, Risk Reporting, Security Training, Third-Party Assessment, GRC Support

• Responsible for the development and implementation of the company-wide cyber/IT security framework and management processes which include security policies, procedures, standards and guidelines
• Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate the company’s systems
• Responsible for leading security projects and/or working cooperatively with other project teams and ensuring that new projects and changes adhere to the security policies and integrate into existing procedures
• Conduct a technology strategic review, identifying and exploiting suitable security technologies, strategies and solutions to meet the company's needs
• Develop solutions/architectures based on technology trends and standards, to exploit new and emerging security technologies and products to meet present and future business needs
• Develop a security awareness and training program to ensure employees and third parties understand, acknowledge and ultimately fulfil their obligations defined in information security policies
• Organize information security compliance/audit activities designed to achieve and maintain a high degree of compliance with defined information security requirements
• Supporting the Divisional Information Security Strategy
• Supporting a governance framework in line with Capita Policy, industry best practice, client / contractual requirements (such as ISO standards / PCI DSS / Cyber Essentials) and relevant legal and regulatory obligations
• Creating business-focused, practical Information Security solutions for the benefit of the Division, which are compliant with Capita and industry best practices
• Conducting internal audits against ISO27001 and other appropriate standards
• Facilitating the coordination and management of scheduled external audits and Group Internal Audit activities
• Providing support, guidance and management of security-related Incidents
• Aiding with the development, production and management of Critical Asset Registers, Threat Assessments, Business Continuity / Disaster Recovery documentation, throughout area of responsibility

Skills: Security Frameworks, Threat Prevention, Project Integration, Strategic Review, Security Architecture, Awareness Training, Compliance Auditing, Incident Management

• Support the information security team in developing and promoting the IT Security and Risk Management Program
• Support the implementation and continuous improvement of the business unit’s security and risk assessment processes
• Evaluation of compliance with corporate policies, regulations and contractual obligations
• Perform Security Official functions as the primary contact
• Support the development and implementation of the business unit’s security controls
• Conduct Medical Practice and Vendor site assessments of IT security and risk management controls
• Respond to security requests and situations
• Assess and monitor risks related to key Vendors
• Support training and awareness efforts in the business units
• Monitor and support the business unit's implementation of remediation measures
• Maintain an intermediate understanding of the business unit’s IT architecture and applied security controls so that security questionnaires, audits, and contract reviews are responded to efficiently, with consistency, and in alignment with McKesson's best practices/policy
• Maintain business unit information, assessment findings and remediation measures within McKesson's IT Governance Risk and Compliance application
• Facilitate the assessment, approval and maintenance of policy exceptions
• Facilitate IT Security and Risk assessments for IT applications, products and services
• Provide metrics and reporting
• Act on a cross-functional team of enterprise and local BU service teams to execute and deliver against defined objectives and scorecard goals
• Provide regular, timely reporting on Business Unit progress towards objectives and validate centralized reporting for alignment
• Monitor and provide project management support for the business unit
• Ensure new products, services, applications, third-party or client relationships, have appropriate security controls embedded and that any identified risks are appropriately addressed
• Work proactively with BU leadership to ensure security, IT risk and compliance are actively built into the organization's objectives and procedures

Skills: Risk Management, Security Assessments, Compliance Evaluation, Vendor Oversight, Awareness Training, Policy Exception Handling, Metrics Reporting, Project Support

• Support effective security management, risk and compliance function within AXA Health
• Provide corporate client support regularly
• Support InfoSec Manager with corporate clients, assisting with key audits and corporate questionnaires
• Act as a security analyst to the business and to other members of the Information Security team with governance and operational queries
• Assist with the successful completion of Group deadlines within security governance remit, including but not limited to risk assessments, EY Audits, and Control Risk Group (CRG) participation
• Ensure AXA Security Policies are met and maintained
• Support the InfoSec Manager in maintaining ISO 27001 ISMS processes, reporting to appropriate forums, and investigating any issues
• Complete technical debt risk assessments
• Working within the Information Security team, providing governance and oversight of the IT security risk and control environment
• Translating the IT risk requirements into technical control requirements and specifications
• Developing metrics for ongoing performance measurement and reporting
• Assessing IT and IT security risk, identifying opportunities to reduce risk and facilitating the remediation of identified vulnerabilities

Skills: Security Governance, Client Support, Audit Coordination, Risk Assessment, Policy Compliance, ISMS Maintenance, Control Oversight, Metrics Development

• Formal evaluation of information security features of information systems, processes and products
• Coordinate the implementation of information security controls and activities with other divisions and vendors
• Conduct tests to ensure the functions of data processing activities and security measures
• Ensure training in information security matters is provided to appropriate levels of staff
• Apply expert knowledge to initiate, plan and implement best information security practices
• Developing, implementing and maintaining the Information Security architecture/plans for projects
• Define procedures/standards for solution implementation, in line with security policies and standards
• Lead and/or support information security and other related projects or activities
• Advise and increase awareness, with other professionals, of the necessity for information security measures
• Proactively disclose and remedy actual or potential security breaches and risks
• Handling simulated and actual disaster scenarios 

Skills: Security Evaluation, Control Coordination, Functional Testing, Staff Training, Security Architecture, Standards Definition, Risk Remediation, Disaster Handling

• Working with multiple departments to implement security controls relating to business and technical processes to meet security requirements and reduce risk
• Performing incident response investigations and remediation
• Performing threat-hunting activities
• Creating security-related reports for technical teams and management, which include tactical and strategic mitigation plans
• Participating in security-related projects with other members of security or IT teams
• Security operations duties, including analyzing security events, basic forensic analysis, and basic malware analysis
• Managing and responding to security-related requests and daily operation tasks related to content filtering, spam filtering, malware protection, SIEM, maintaining security dashboards and alerts, and vulnerability scanning
• Analyzing and prioritizing security vulnerability remediation
• Develop, manage and deliver on effective implementation of the Cyber Security Program
• Provide guidance and expertise regarding the security architecture for application development or infrastructure initiatives
• Manage/facilitate security due diligence activities throughout the Application Software Development Life Cycle (SDLC)
• Ensure that security risks are identified, and controls are implemented to mitigate risk
• Maintain the Enterprise Cyber Security Framework, Information Security Policy (ISP), and Standards
• Act as the primary contact during any information security incident investigation and coordinate actions and reporting

Skills: Security Controls, Incident Response, Threat Hunting, Vulnerability Management, Security Reporting, Malware Analysis, SDLC Security, Risk Mitigation

• Evaluate different security solutions to align with the defined roadmap
• Conduct Proof of Concept and develop recommendations based on technical features and cost
• Lead implementations of new security solutions from design to implementation and monitoring
• Work with and train business resources to implement security solutions in the production environment
• Leverage the Security Incident and Event Management (SIEM) platform to prioritize and remediate high-risk issues
• Routinely monitor security information and alerts from various platforms like O365, email Phishing mailbox, email sandboxing technology, etc.
• Perform and/or coordinate vulnerability assessments and penetration tests, and work with appropriate vendors and IT teams
• Ensure that security patches or appropriate controls are applied promptly
• Respond to malware and virus alerts, and implement remediation steps
• Provide resolutions regarding intrusion events, security incidents, and other threat indications and warning information to teams
• Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Provide support for documentation initiatives related to standard operating procedures, security plans, risk assessment plans, business continuity plans, incident response plans, and cybersecurity policies and standards
• Promote security awareness to the user community and IT personnel
• Maintain current knowledge of relevant technology

Skills: Solution Evaluation, PoC Development, Security Deployment, Risk Prioritization, Threat Remediation, Compliance Assessment, Policy Documentation, User Education

• Protect the integrity and confidentiality of HUB data and infrastructure while enabling business functionality in all systems and environments by supporting applicable security solutions
• Assist in the design and implementation of security projects, as well as provide ongoing operational support
• Provide Level III Support for incident tickets escalated from other technical teams
• Lead incident response activities and provide timely response to security incidents and alerts generated by security tools or the SOC
• Partner with stakeholders to conduct pre-deal close breach analysis of the acquisition candidate environment
• Perform acquisition risk assessments that include discovery and consideration of data types, regulatory requirements, organization size, business process, technology use, organizational security posture, environmental hygiene, and probable integration playbook and timeline
• Coordinate the implementation of the suite of Hub Information Security tools during due diligence and post-close
• Facilitate the implementation of controls for acquisition infrastructure and application environment integration with the HUB information security stack for non-integration
• Support the HUB Information Security Governance and Compliance team during risk assessments, internal and external Information Security Audits, and Vendor reviews
• Champion vulnerability remediation efforts and act as a liaison to IT and application owners for patch management purposes
• Gather and report on key organizational information security metrics

Skills: Data Protection, Security Project Support, Incident Leadership, Acquisition Risk Assessment, Tool Integration, Compliance Support, Vulnerability Remediation, Security Metrics

• Lead the team supporting the initiatives domestically and internationally through respective release management processes 
• Ensure initiatives and service deliveries are running effectively and in compliance with governance controls
• Advise leadership of status, identifying risks/issues promptly and highlighting relevant accomplishments
• Clear roadblocks for the delivery team, serving as an escalation point for the team
• Manage Initiative and service delivery budgets across all aspects (technology, labor, miscellaneous expenses)
• Manage shared security services contracts with affiliates, ensuring new agreements are scheduled for deployment/delivery
• Partner with operations leads to prioritize initiatives as part of the overall department roadmap planning and management
• Develop the initiative/ service delivery roadmap in consultation with the team
• Provide planning, scheduling, estimating, costing, scope management, and risk assessment
• Develop and manage the initiative/ service delivery risk management plan
• Take pre-emptive corrective actions to keep delivery performance on track
• Acts as a knowledgeable resource to other teams to share delivery best practices and propose remediation techniques for at-risk deliverables
• Establish a repository of lessons learned
• Provides management reporting on initiative/ service delivery performance (status, readiness, issues and risks and their resolution to all stakeholders)
• Manage on-time global service agreements execution to ensure shared service delivery is in accordance with the agreement
• Manage Initiative/ service delivery budgets (technology, labor, and miscellaneous) on a regular schedule, ensuring actual spend is aligned to planned spend and advising functional managers when spend is not aligned
• Report to security leadership and corporate finance teams on the budget trends, identifying where spend is above/below and reforecasting throughout the fiscal year to identify and explain variances to plan
• Challenge the initiative teams to identify spend value propositions and returns on investment to ensure spend supports capabilities in financially sound ways
• Assist the functional manager in determining and managing the global service delivery cost model
• Track and report the service delivery spent/cost against the service agreement contract
• Assist in the creation and management of Information Security initiatives and service delivery dashboards and newsletters
• Provide input for tracking the roadmap delivery status
• Assist in the creation of Kanban, Obeya room and communication tools for the leadership

Skills: Delivery Management, Governance Oversight, Risk Reporting, Budget Management, Contract Execution, Roadmap Planning, Performance Metrics, Team Communication

• Experience in information security and ideally cyber security
• Internal audit qualifications and/or experience
• Excellent relationship and stakeholder management
• Understanding of ISO27001 certifications and external audits
• Excellent analytical, decision-making and problem-solving skills
• Experience in report writing, delivering presentations, and developing dashboards/reports
• Competent in using MS Outlook, Word and Excel
• Commercially aware and possess excellent communication skills
• Ability to achieve an enhanced level of security vetting and screening

Qualifications: BS in Cybersecurity with 4 years of Experience

• Progressive experience in Information Services in information security, including experience in compliance with federal and state security regulations
• Must possess a general understanding of enterprise security best practices relating to implementing and managing enterprise security solutions
• Working knowledge of one or more information security regulations and/or frameworks, i.e., HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security
• Experience with administrative and technical assessments as well as enforcing organizational compliance
• Must be team-oriented, supportive, and committed to excellence and possess a high level of initiative and self-motivation with a demonstrated work ethic
• Must be committed to continual personal and professional growth
• Possess a proactive approach with a willingness to “go the extra mile” every time for the customer
• Ability to work under general direction, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs, with demonstrated ability to prioritize projects and workload
• Ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health

Qualifications: BS in Computer Science with 5 years of Experience

• Proven track record in security program management, including vulnerability management programs
• Production experience with AWS, GCP or Azure, and are comfortable using security tools in these environments
• Able to speak to the technical and business impacts of a vulnerability or bug
• In-depth knowledge of cyber threats along with common security controls, detection capabilities, and other practices/solutions for securing digital environments
• Including packet flows / TCP and UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection/prevention systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
• Experience in analyzing malware/hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions
• Understanding of what information or assets are of value to threat actors and how organizations are breached
• In-depth understanding of modern technical security controls (i.e, firewalls, SIEMS, IPS, HIPS, web proxies)
• Must have strong interpersonal and collaborative skills
• Ability to communicate security and risk-related concepts to technical and non-technical audiences
• Able to apply a variety of structured analytic techniques to generate and test a hypothesis, assess cause and effect, challenge analysis, and support decision making

Qualifications: BS in Information Assurance with 7 years of Experience

• Experience of working in an Information Security role dealing specifically with governance, risk and compliance areas
• Prior experience writing Information Security-related Policies, Processes and Procedures
• Experience managing internal and third-party vendor risk assessments, and writing risk assessment reports
• Proven track record of effectively analysing security controls, while understanding the risk of certain controls not being in place
• Ability to effectively communicate security risks and impact to various business (often non-technical) stakeholders
• Ability to work proactively and collaboratively in a fast-paced working environment, balancing multiple concurrent activities and initiatives
• Knowledge of Vendor Risk Management tools such as OneTrust
• Knowledge of current information security standards, frameworks and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR
• Ability to work independently as well as collaboratively within a team of specialists
• Ability to effectively prioritize, manage deadlines and understand new ideas and concepts quickly
• Ability to use discretion and maintain confidentiality on sensitive staff matters
• Strong technical, analytical and (written and verbal) communication skills
• Ability to produce high-quality deliverables for different audiences

Qualifications: BS in Management Information Systems with 8 years of Experience

• Must have Information Security Certification or Accreditation 
• Sound knowledge of one or more technology controls or security domains, disciplines and practices
• Sound knowledge of organization, technology controls and security risk issues
• Ability to participate and provide advice/guidance on projects of low to moderate complexity within own area of expertise
• Strength in prioritizing and managing own workload to deliver quality results and meet timelines under the guidance of management
• Experience in IT and Infrastructure Operations
• Experience in Information Cyber Security and risk management and hold a professional security qualification in good standing (such as GCIA, GCIH, GCTI, GMON, CISSP)
• Demonstrate a strong understanding of cybersecurity risks and associated control implementation to reduce the risk to an acceptable level
• Excellent problem-solving skills to identify and assess risks, threats, patterns, and trends, combined with good teamwork skills to collaborate with team members and clients
• Good verbal communication skills, including presentation skills
• Ability to communicate with a range of technical and non-technical team members
• Ability to articulate information risks and issues
• Prior experience in creating, reviewing, and updating processes and procedures

Qualifications: BS in Information Technology with 6 years of Experience

• Experience in Information Security operations
• Expertise in anti-virus software, vulnerability fix process, patch management, incident response and firewalls
• Knowledge of security-related tools, technologies and methods
• Expertise in designing secure networks, systems and application architectures
• Competence in Microsoft Office, particularly Excel
• Must have good communication skills
• Good at building long and trusted relationships with hotels and the global security team
• Effective verbal and written English
• Must have good presentation skills

Qualifications: BS in Network Administration with 3 years of Experience

• Experience in IT security
• Strong understanding of security principles, policies, and industry best practices
• Understand networking essentials, data flows, architecture, ports, and protocols, wireless, etc.
• Experience with engineering enterprise-grade security solutions
• Ability to effectively troubleshoot security issues with technical team members
• Excellent analytical and communication skills
• Prior experience with SOX ITGC compliance and/or other regulatory frameworks
• Demonstrated incident response and handling capabilities
• Solid understanding of identity management, authorization and multi-factor authentication technologies and solutions
• Application and web security knowledge
• Hands-on experience with network security solutions, including NGFW, IDS/IPS, network and host-based forensics
• Email security gateway administration experience
• Experience with endpoint security threat monitoring and detection
• Prior systems engineering experience

Qualifications: BS in Computer Information Systems with 7 years of Experience

• Experience in information security, IT risk management, IT audit or similar
• Proven track record in managing technology risk and partnering with IT teams in ensuring that systems are designed, built, and operated securely throughout their entire lifecycle
• Good understanding of industry standards and regulatory frameworks such as NIST, ISO, SOX, PCI-DSS 
• Practical experience of implementing one or more of those in a cloud-native environment
• Hands-on experience in Agile/DevOps organizations and cultures
• Oral presentation skills, problem-solving and decision-making skills
• Highly collaborative mindset, with the ability to build relationships with colleagues
• Able to manage stakeholders from different cultures and seniority levels throughout the organization
• Must have Professional certifications in information security or cybersecurity (e.g., CISSP, CISM, CISA)

Qualifications: BS in Applied Computing with 4 years of Experience

• Demonstrable experience working in an Information Security role
• Experience in responding to security alerts and in remediating security incidents
• Ability to multitask, prioritise work and meet deadlines in a fast-paced environment with a proven attention to detail
• Strong written and oral communication skills combined
• Ability to translate technical knowledge to diverse audiences
• Experience or knowledge of Defence in Depth concepts, including Identity and Access Management, Public Key Infrastructure, Cloud Security and Network Security
• Knowledge of Cybersecurity and Risk Frameworks such as NIST CSF, NIST 800-53, ISO27000 series, etc
• Experience performing security reviews, compliance assessments, and TPRM assessments
• Experience with security awareness campaigns
• Familiar with data privacy principles, including GDPR
• Must have information security certifications such as ISC2 Associate, CISSP, GIAC, CompTIA Security+

Qualifications: BS in Electrical Engineering with 6 years of Experience

• Experience in an enterprise environment as a security analyst
• Experience with any vulnerability management tool, Qualys, Nessus and Rapid7 INsightIDR
• Excellent knowledge of cybersecurity and networking principles (OSI, TCP/IP, VPN, Firewalls, etc.)
• Proficient experience with technical controls such as firewalls, IDS/IPS, VPN, 2-factor authentication, physical and logical separation of network segments, security zoning, EDR, Web filter, Vulnerability scanners, and SIEM
• Results-driven with experience in delivering work within aggressive timelines
• Relationship builder, being able to demonstrate getting value from and owning ongoing relationships
• Able to be a multi-tasker, able to prioritise multiple initiatives at the same time
• Ability to understand and communicate complex problems simply and then translate those issues back to the business, both verbally and in writing
• Leadership and providing clear and concise presentations for communications
• Strong computer skills, especially with Excel, Word, PowerPoint, Outlook, SharePoint, creating graphs and ME results
• Able to understand technical / business problems, create and drive solutions to those problems
• Comfortable in working independently as part of a geographically dispersed team
• Understanding of AXP core company bank processes, various internal platforms (IIQ, Archer, SharePoint, Documentum)
• Understanding of Cornerstone and/or Tableau, generating reports for analysis and reporting

Qualifications: BA in Liberal Arts with 8 years of Experience

• Experience managing and creating policies that reflect information security, IT, or cybersecurity
• Proven experience in understanding and executing technical writing standards, general format guidelines, and stylistic elements
• Ability to recommend and implement process improvements to facilitate stakeholder collaboration and improve the policy lifecycle
• Ability to deliver high-quality work daily, on deadline, and to ensure factual accuracy of content
• Ability to apply critical reading/thinking skills to develop policy, project plans, and strategies in support of information security policies
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organizational-level cybersecurity objectives
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity
• Skilled in communicating with all levels of management (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience)
• Ability to triage competing priorities and balance long-term goals with short-term demands
• Prior work experience related to the cybersecurity policy lifecycle

Qualifications: BS in Engineering Technology with 6 years of Experience

• Work experience in Information Technology and/or Cybersecurity
• Candidates with previous work experience in Cybersecurity Risk Management and Awareness responsibilities 
• Basic knowledge of information security management principles and practices
• Good knowledge of ethical principles while understanding business and information security ethics
• Must have certifications of CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP
• Excellent oral and written communication skills (English and French)
• Willingness to learn continuously and approach change with openness
• Creative and diplomatic approach to solve problems while being customer-driven
• Good work organization with the ability to distinguish priorities
• Self-motivated and consistently deliver results based on assigned responsibilities

Qualifications: BS in Mathematics with 5 years of Experience

• Experience in a technical or operational role with an information security focus
• History of working in a position of trust
• Ability to work as part of a globally distributed team using multiple communication methods to facilitate collaboration (chat, voice, video, email)
• Ability to work with open source technologies to solve complex and challenging problems
• Solid experience in the administration or operation of Linux systems 
• Familiarity with the security maintenance and hardening of these platforms
• Methodical, data-driven approach to security analysis 
• Ability to think laterally and imaginatively to implement security improvements and detect and respond to incidents

Qualifications: BS in Telecommunications with 3 years of Experience

• Knowledge of third-party security assurance methods and deliverables
• Understanding security controls (technical, procedural, personnel and physical)
• Understanding of Information security management systems and risk assessment methodologies
• Understanding of ISO27001 and NIST Cyber Security Framework
• Must have Cyber Security qualifications (CISSP, CISM)
• Experience in Information Security Management as an Information Security Consultant or similar role
• Strong previous experience working with Firemon
• Demonstrate experience in a variety of perimeter security products such as Symantec Blue Coat, IBM Proventia, FireEye NX, and the Palo Alto suite
• Strong conceptual understanding of the TCP/IP network stack
• Previous experience with network packet captures for troubleshooting and working knowledge of firewall/routing technologies
• Strong knowledge of security infrastructure and controls within heavily regulated environments, with compliance frameworks and all related integrations associated with the services
• Must have experience in cloud-based security technologies 
• Previous experience working in a Financial Institution

Qualifications: BS in Information Assurance with 7 years of Experience

• Innovative approach to engage employees to reduce the top risks to the company
• Superior analytical and metrics skills, including managing multiple work stream simulations, reporting and packaging for senior executives
• Able to create a metrics framework that can effectively measure the impact of the program
• Experience with Phishing Simulator tools and industry knowledge of real phishing attacks
• Clear understanding of consequence management programs and global implications
• Experience in data visualization tools like Tableau, QlikView to create self-service reports for multiple stakeholders
• Superior organizational skills, including managing multiple projects simultaneously
• Customer focus and excellent written and oral communication skills to address individual needs across the Enterprise
• Experience designing, organizing and rolling out company-wide events
• Experience in scripting languages like Visual Basic, Python
• Experience working in a global environment with multiple locations and cultures
• Ability to handle internal and external audit requests
• Excellent relationship-building abilities
• Proven track record of developing solid partnerships with multiple business units
• Ability to persuade and influence through established credibility
• Self-starter with intellectual curiosity, initiative and strong work ethic
• Strong working knowledge of IT Risk Management and Information Security
• Knowledge of security frameworks, standards, guidelines and best practices (i.e., PCI, ISO, COBIT, FFIEC, GLBA, SOX)

Qualifications: BA in Public Administration with 10 years of Experience

• Technical background with exposure to IT, security, network or cloud infrastructure administration
• Knowledge of current security threats and trends
• Able to expose and/or appreciate of root causes of cyber-attack methodologies, e.g., e-mail phishing, malware, data breaches
• Analytical skills and an ability to analyse technical information to identify patterns and trends
• Able to maintain a current understanding of common vulnerabilities and appropriate remediation
• Experience in computer networks, TCP/IP fundamentals, operating systems, software, hardware and encryption technologies
• Working knowledge of various security technologies
• Previous professional experience in relation to information security
• Fluency in English and French
• Good analytical and organizational skills, attention to detail
• High sense of confidentiality
• Good listening and questioning ability, good learning skills
• Ability to plan work and to prioritize workload
• Ability and willingness to work in a multi-cultural environment

Qualifications: BS in Management Information Systems with 7 years of Experience

• Ability to manage competing deadlines and prioritise responsibilities to meet business needs
• Ability to work effectively independently and as part of a team
• Ability to communicate clearly on security topics to non-technical stakeholders
• Motivated to deliver quality and striving for continual improvement
• Passionate about staying abreast of social engineering techniques, common and emerging cyber threats
• Good knowledge of industry good practice frameworks such as NIST Cyber Security Framework, Centre for Internet Security (CIS) Critical Security Controls (CSC), ISO 27001
• Experience of working in high-performing teams and understanding the dynamics of teamwork in an infrastructure and operations environment
• Understanding of the principles of network security technologies
• Specific experience with the management of an enterprise-class product
• Experience with vulnerability assessment products (e.g, Tenable IO, Qualys)
• Experience in advising on vulnerability resolution and mitigation
• Understanding of risk management principles and the application of risk assessment processes to information security
• Excellent written and verbal communication skills

Qualifications: BA in Psychology with 8 years of Experience

• Must have Information security-related and information technology logging analytics experience
• Proven history of helping organizations ingest, parse, and make sense of varied, large sets of information
• Experience with Security Incident and Event Management (SIEM), Endpoint Detection and Response (EDR), and Security Workflow Automation tools
• Knowledge of Splunk Cloud architecture, including using Heavy Forwarders, Deployment Servers, and Splunk Agents
• Strong analytical and operational background in a diverse variety of big data log sources
• Experience in performing DevOps under an agile model
• Familiarity with cloud-based IT environments such as AWS and Azure
• Familiarity with security monitoring, event management, and incident response tools and processes
• Must have excellent communication skills
• Self-starter, comfortable in a dynamic environment

Qualifications: BS in Cybersecurity with 4 years of Experience

• Demonstrable experience working in a third-line support function or equivalent and have had exposure to vulnerability analysis, audit activities, penetration testing and/or risk assessment
• Experience working with Parcel management systems
• Direct experience with anti-virus software, endpoint detection response (EDR), firewalls and content filtering
• Good level of understanding of the approach threat actors take to attacking a network, phishing, port scanning, web application attacks, DDoS, and lateral movement
• Knowledge in Windows, Mac OS, Linux and Google operating systems including how to investigate them for signs of compromise (IOC’s)
• Foundational level of scripting knowledge
• Basic understanding of Cloud architecture and how an attacker can utilize these platforms
• Ability to demonstrate the right approach to investigating alerts and/or indicators and document findings in a manner that both peer and executive-level colleagues can understand
• Comfortable using SIEM and logging tools (e.g., Graylog, Grafana, Elastic) to build monitoring dashboards
• Demonstrate a strong understanding of Cisco’s EDR and complementary security solutions (Secure Endpoint Suite and Umbrella)
• Demonstrate the core values of DPD such as Passion, Respect, Honesty, Flexibility, Hard work and Accountability

Qualifications: BS in Information Technology with 6 years of Experience

• Experience in Information Security and/or Information Technology with demonstrated progression of increased responsibilities.
• Working experience in banking 
• Must have IT audit, vendor management and oversight experience
• Experience with Incident Response
• Experience using vulnerability management platforms to detect and remediate findings
• Knowledge of hardening and securing endpoints
• Skilled with endpoint detection and response tools
• Experience with event log monitoring and tuning, encryption, and access management
• Strong communication and analytical skills
• Familiarity with Azure cloud security

Qualifications: BS in Network Administration with 3 years of Experience

• Experience supporting Information Security and/or Information Technology operations and service delivery
• Experience applying Application/Software Development Life Cycle, Agile DevOps, and SAFe model
• Professional certifications through industry-recognized organizations such as ITIL, PMI, SANS, ISACA, and ISC2 (e.g., CISSP)
• Advanced data analytics, developing action plans, presenting to, and influencing senior management / key decision makers
• Microsoft SQL Database administration experience, developing Stored Procedures in SQL, programming/scripting experience (e.g., C#, Java, Python, PowerShell, Ansible), Agile CI/CD environments
• Able to work independently and cross-functionally with other teams
• Must have planning, organization, and time management skills
• Strong troubleshooting, problem-solving, and critical thinking skills
• Experience with developing, implementing, and measuring GRC processes and solutions
• Strong understanding of Information Security Frameworks, ISO 27001, SOC 2, NIST CSF, Safeguarding CUI (NIST SP800-171/CMMC), NIST SP800-53, GDPR, etc.
• Conceptual and practical understanding of EDA tools, software development, IT Infrastructure, and Cloud services designs, technologies, products, and services
• Experience with IT ticketing and GRC systems
• Strong understanding of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current and emerging threats in the information security landscape

Qualifications: BS in Computer Information Systems with 7 years of Experience

• Must have professional certifications, such as a CISSP (minimally), CISM, and CISA
• Proven track record in developing information security policies and procedures, and successful execution
• Extensive knowledge of business risk, risk assessment and risk-based decision making
• Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board-level
• Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, innovative, problem solver and consultant
• Ability to evangelize IT security to make it a critical part of business operations 
• Able to build trust and respect for the security function
• Excellent written and verbal communication, interpersonal and collaborative skills
• Experienced with contract and vendor negotiations
• Ability to effectively prioritize and execute tasks in high-pressure situations
• Knowledge of security, risk and control frameworks and standards such as Sarbanes-Oxley, ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and/or ITIL
• Understanding of complex IT environments, cloud, SaaS, mobile and IoT architectures, and their implications on information security strategy

Qualifications: BS in Forensic Computing with 5 years of Experience

• Special interest in information security best practices
• Knowledge of security principles and technologies
• Good work ethic and willing to learn in a fast-paced/competitive environment
• Must be highly organized, analytical and reliable
• Ability to handle multiple projects and stay organized
• Strong attention to detail
• Supportive and enthusiastic team player with a positive attitude
• Must be self-motivated and determined
• Experience with Rapid7 IDR, Nessus, InsightVM and Varonis

Qualifications: BA in International Relations with 3 years of Experience

• Experience in information security working closely in a LAMP environment
• Experience with computer network penetration testing and techniques
• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them
• Understanding of patch management 
• Ability to deploy patches promptly while understanding business impact
• Experience formulating and implementing security policies
• Solid understanding of security standards like 270001, HIPAA, GDPR, and CCPA

Qualifications: BA in Sociology with 2 years of Experience

• General Security or Information Security knowledge
• Foundational understanding of computer systems and computer skills
• Data analysis, data query and mining, and report creation skills using multiple sources, using PowerBI, SQL and similar tools
• Ability to analyze data and trends to provide conclusions about information security risk
• Ability to treat information discretely
• Self-motivated, flexible, with a willingness to learn new technologies
• Knowledge of Microsoft 365 soft skills
• Excellent verbal and written skills for presentations/reports
• Ability to multitask
• Ability to perform the role with a high degree of discretion and integrity
• Able to work in a team environment to solve problems and provide a solution

Qualifications: BS in Digital Forensics with 5 years of Experience

• Experience in Information Technology or Information Security role
• Excellent verbal, written and interpersonal communication skills as well as attention to detail
• Knowledge of Internet threat landscape and attacker motivations (phishing, malware, APT, DoS, etc.)
• Previous experience in an information systems or network administration role
• Previous experience of at least one scripting language (e.g., Python, Groovy, Perl, Ruby, Shell scripting, etc.)
• Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, COBIT, etc) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, GDPR, etc.)
• Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS, and penetration testing
• Working knowledge of information technologies including Linux, Windows, VMWare, MySQL, MSSQL, Oracle, etc.
• Working knowledge of network protocols, DNS, and networking devices such as routers, VPNs, proxies, and firewalls
• Demonstrate ability to engage and collaborate with employees, presenting a friendly, approachable demeanor to leverage security to help others succeed
• Proficient in English, verbal and written. 
• Proficiency in regional languages

Qualifications: BS in Computer Information Systems with 7 years of Experience

• Proven experience in leading the technical response to security incidents
• Technical experience with the full stack of security controls, including SIEM, EDR, Network Monitoring, IDS/IPS, Cloud Security tools, and DLP
• Knowledge and experience working with the MITRE ATT&CK framework
• Experience in understanding attack patterns and other Threat Intelligence to implement relevant detection use cases within the SIEM/EDR and other security controls
• Experience with Microsoft Azure
• Experience in doing malware/threat analysis and performing host forensics to determine compromise
• Ability to use SIEM products/security dashboards to view and analyze data
• Ability to interpret log data to determine risk
• Ability to plan/facilitate/perform mitigation tasks
• Ability to prioritize mitigation tasks identified in risk assessment reports
• Ability to prioritize remediation tasks identified in vulnerability scans
• Ability to plan/facilitate/perform remediation tasks
• Ability to demonstrate that risks or vulnerabilities are remediated
• Ability to understand how new vulnerabilities may affect the SOS environment
• Awareness of indicators of compromise for specific known vulnerabilities
• Excellent problem-solving and analytical skills

Qualifications: BS in Software Development with 8 years of Experience

• Knowledge of security standards such as ISO/IEC 27001, NIST CSF, NIST SP 800-53, COBIT, COSO, and HTRUST
• Knowledge and experience working with relevant regulations including HIPAA and PCI DSS
• Strong analytical skills to consider technical and business requirements and recommend appropriate security risk mitigation controls
• Ability and knowledge in security awareness and training or similar technical training activities
• Effective professional communicator, able to research, prepare and deliver quality communications, articulate security issues and resolutions in business terms
• Ability to develop the documentation, such as security policies, standards, procedures, and guidelines
• Facilitate, gather, analyze and compile metrics and reports from multiple sources and make them relevant to leadership
• Ability to stay up to date with security developments and threats in the region and globally, and initiate steps to protect Children against such threats
• Strong knowledge of the Microsoft Office suite of products - Word, Excel, PowerPoint, Visio, etc

Qualifications: BA in Legal Studies with 4 years of Experience

• Knowledgeable and experienced in performing Information Technology and Information Security Risk Assessments
• Experienced in working with multiple security Frameworks and guidelines
• Able to work well in a fast-growing environment, with the ability to deliver on time
• Exhibit a strong ability to handle multiple demands with a sense of urgency, drive, and energy
• Flexibility and adaptability to changing needs and demands dictated by business and IT requirements
• Must be self-directed, have excellent initiative and organization skills
• Demonstrate excellent verbal and written communication skills
• Proven track record of meeting commitments with the highest standards of ethics and integrity

Qualifications: BA in Political Science with 2 years of Experience

• Experience with information security principles, HITRUST standards, and HITRUST best practices
• Technical lead/project leader experience in planning, implementing, and supporting enterprise information security solutions
• Able to develop and manage key stakeholder relationships
• Effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadlines
• Ability to function in a highly dynamic, results-driven and high-pressure environment to achieve objectives
• Strong attention to detail and problem-solving skills
• Able to work independently and on a team
• Ability to learn quickly, retain information and apply knowledge when and where relevant
• Ability to document and explain in technical details in a concise and understandable manner
• Ability to multitask and prioritize work
• Ability to set and achieve individual goals, along with good interpersonal and communication skills
• Serve as a mentor for other consultants, teaching while doing, and provide opportunities to cross-train peers in parallel with task and project completion
• Experience with large-scale enterprise security solutions spanning multiple business functions and geographic locations
• Strong working knowledge of providing/understanding information security documentation
• Develop and deliver Information Security Education, Awareness and Training in accordance with the Enterprise Information Security Program standards

Qualifications: BS in Information Systems Security with 9 years of Experience

• Working in a senior security analyst role
• Must have Security certifications such as CISSP, CISA, CISM, CEH, GSEC, OSCP
• Experience in leading incident response at both technical and procedural levels
• Strong understanding of IT fundamentals across networking, system, and application layers
• Strong understanding of Cloud infrastructure and experience in incident response in cloud environments
• Strong low-level understanding of different operating systems like Windows, Linux, and Mac, and securing them
• Experience with Endpoint Detection and Response (EDR) tools for incident analysis
• Experience with Security Incident and Event Monitoring (SIEM) tools for incident analysis
• Strong ability to perform host and network forensics
• Deep understanding of multiple attacker tactics, techniques, and procedures
• Very good understanding of MITRE ATT&CK framework

Qualifications: BA in Intelligence Studies with 5 years of Experience

• Experience with SailPoint IdentityIQ
• Strong customer support skills
• Competent in Microsoft Excel, Word and PowerPoint
• Strong analytical and problem-solving skills
• Ability to perform data analysis and develop reports
• Highly motivated and willing to learn
• Extensive knowledge of the modern IT and security landscape
• Deep understanding of information security threats and attack vectors
• Technical experience in configuring and administering information security solutions (Vulnerability management, log management systems, anti-malware systems, etc.)
• Strong knowledge of Windows and Linux operating systems
• Hands-on experience with information security systems and IT infrastructure integration

Qualifications: BS in Electrical Engineering with 6 years of Experience

• Financial industry or highly regulated industry background (pharmaceuticals, etc.)
• Project work experience with a recognized security, audit, or risk consulting firm 
• Must have CISSP, CISA, CISM or other security/control certifications
• Excellent attention to detail with proven communication skills
• Ability to apply critical thinking to pressing and sensitive engagements
• Demonstrable relevant experience and awareness of information security
• Experience in conducting supplier information security reviews
• Working experience in systems administration and information assurance 
• Must have 8570 certification such as IAT Level II Certification (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH)

Qualifications: BS in Applied Computing with 4 years of Experience

• Experience working within the technical arena of information security work experience
• Experience with Cybersecurity tools and technologies and incident management processes
• Extensive knowledge of security technology and risk assessment methodologies, policies and processes
• Excellent analytical, evaluative, and problem-solving abilities
• Must have the ability to work independently and multitask effectively
• Must have experience implementing or assessing security in a cloud-hosted environment
• Excellent written and oral communication skills, as well as interpersonal skills
• Ability to articulate to both technical and non-technical audiences
• Strong knowledge and experience with information security
• Experience with compliance programs as well as their technical and security requirements
• Experience in security standards such as ISO 27001, 27002, 27005, NIST, COBIT, ITIL
• Must have technical certifications within the area of Information Security (CISSP, CRISC, CBCP, CISA, CISM or equivalent)
• Able to make complex decisions in a constantly changing technical and business environment with limited time and limited information available

Qualifications: BS in Digital Forensics with 8 years of Experience

• Must have Information Security Certification or Accreditation
• Working experience in Business System Analytics in the cybersecurity domain
• Working knowledge of SharePoint
• Experience with requirement gathering, user case stories and test cases
• Administration experience with Jira and Confluence
• Sound knowledge of one or more technology controls or security domains, disciplines and practices
• Sound knowledge of organization, technology controls and security risk issues
• Ability to participate and provide advice/guidance on projects of low to moderate complexity within own area of expertise
• Strength in prioritizing and managing own workload to deliver quality results and meet timelines under the guidance of management
• Excellent communicator and experience in transforming complex concepts into clear, easy-to-follow documentation
• Experience in the following applications: ServiceNow, MS Visio, Excel, JIRA, Confluence, Bitbucket, SharePoint, XMatters, Orbit and ABoR
• Good understanding of Industry best practices, Change Management and Business Continuity Management

Qualifications: BS in Computer Information Systems with 7 years of Experience

• Experience in the Cybersecurity field
• Information Technology experience with Windows, Linux, and Unix platforms
• Experience as a Level 2 (or above) Cyber Security Incident Response Analyst performing incident handling, forensics, sensor alert tracking and cybersecurity incident case management
• Experience working with security technologies such as IDS/IPS, Firewalls, SIEM, Network Packet Analyzers, Antivirus, Network Behavior Analysis tools, Malware analysis, Firewalls, OLP, endpoint protection, log collection and analysis
• Satisfactory full-time experience related to enterprise architecture, solutions architecture, network architecture and/or IT infrastructure systems
• Strong working knowledge of network protocols, ports and common services such as TCP/IP protocols and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, etc.)
• Hands-on experience with scripting languages such as Python, Perl, Bash, and PowerShell
• Knowledge of privilege escalation, persistence and lateral movement techniques
• Able to identify and be able to react to network attacks, viruses, malware, SPAM, phishing and other intrusions
• Ability to conduct system security vulnerability and threat analyses, gathering of intelligence, risk assessments, mitigation planning and implementation
• Able to perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output
• Able to utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced persistent threats
• Demonstrated understanding of cybersecurity risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies
• Effective interpersonal skills and the ability to thrive in a team environment
• Ability to develop creative and innovative solutions to complex business issues
• Ability to balance various projects simultaneously

Qualifications: BS in Information Technology with 10 years of Experience

• Strong verbal/written communication and data presentation skills
• Ability to communicate with business and technical teams worldwide in English
• Ability to align the organization in complex technical decisions
• Knowledge of cloud applications/cloud architecture
• Ability to create and manage technical project documents
• Experience in managing a Linux, Windows and Cloud environment
• Experience in Agile Development
• Experience and ability to drive the best practices of the software engineering lifecycle (Secure Development Lifecycle)
• Experience in applying best security practices

Qualifications: BS in Network Administration with 3 years of Experience

• Proven track record and experience in technical security, with demonstrable technical IT security knowledge
• Good understanding of IT security principles and technologies, including the ability to develop policies and processes enabling compliance
• Understanding of industry standards, security controls and guidelines such as NIST, ISO27001, OWASP, STRIDE
• Good understanding of vulnerability management tools
• Good understanding of relevant technologies (such as networks, Servers and Hosting, Applications, encryption, PKI)
• Good understanding of firewall and network monitoring, SIEM, IDS/IPS
• Good understanding of identity access management and privileged identity management
• Good organisational skills with the ability to coordinate multiple stakeholders
• Good stakeholder management and ability to work as part of a wider team, always promoting IT and information security
• Experience the benefits of compliance with industry regulations such as PCI-DSS and GDPR
• Must have Security certification (e.g., ISO27001, CEH, Security+)

Qualifications: BS in Computer Engineering with 6 years of Experience

• In-depth understanding of security controls/mechanisms and threat/risk assessment techniques about complex data, application, and networking environments
• Excellent written and oral communication skills
• Organizational and self-directing skills 
• Ability to initiate, coordinate and prioritize responsibilities and follow through on tasks to completion
• Ability to lead a team of security analysts and coordinate team activity for cybersecurity investigations
• Must have an approach to work that includes initiative, sound judgment, diplomacy, and discretion
• Ability to work independently on a variety of assignments with minimal supervision
• Ability to work without supervision with senior managers, supervisors, VIPs, and Users
• Expert knowledge of security incident and event management using an enterprise incident management framework, log analysis, network traffic analysis, malware investigation and remediation, SIEM correlation logic and alert generation
• Ability to perform analysis and reporting on information from multiple data sources using data mining techniques for the purpose of documenting results, producing reports and presenting to technical and executive stakeholders
• Understanding of Security principles, techniques, and technologies such as NIST Cybersecurity Framework, MITRE ATT&CK, SANS Top 20 Critical Security Controls and OWASP Top 10
• Basic programming skills in various disciplines including scripting languages
• Expert knowledge in one or more tools in each area of SIEM and UEBA solutions such as RSA Security Analytics, ArcSight, LogRhythm, QRadar, Splunk or similar

Qualifications: BS in Management Information Systems with 7 years of Experience

• Must have CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) or CEH (Certified Ethical Hacker) or equivalent
• Exceptional communication skills dealing with management, development teams, clients, application vendors and industry experts
• Analysis, interpretation of client needs vs security, and excellent project management skills
• Ability to lead, facilitate, and organize within a multi-disciplinary environment
• Experience working in a security operations center (SOC) or similar role
• Experience with Windows and Linux operating systems
• Ability to work effectively in collaboration with other members of the security team and members of other departments
• Possess advanced analytical skills
• Strong ability to maintain calmness and be diplomatic under highly stressful situations
• Ability to quickly learn new processes and technologies, and to adapt to changes in sequences and timelines
• Experience working with SIEM solutions such as LogRhythm or Splunk
• Experience with vulnerability assessment tools such as InsightVM, Nexpose, or Tenable
• Experience in an environment that adheres firmly to compliance frameworks such as PCI DSS, ISO 27001, and/or SOC
• Experience with tools such as nmap, tcpdump, and Wireshark

Qualifications: BS in Cloud Computing with 8 years of Experience