• Work directly with the CEO and the CTO and make sure the product complies with the high regulatory and security standards 
• Drive the creation and implementation of security concepts
• Manage regulatory and security-driven projects
• Introduce and own the OWASP Top 10
• Work with and influence directly German institutions that shape the German digital landscape (BSI, gematik, etc.)
• Participate in the introduction/implementation of relevant information security standards (e.g., ISO27001)
• Work together with the development team in the active implementation of the information security risk management process (security audits and risk assessments)
• Drive the continuous evaluation of current IT security situations, practices and systems as well as identification of potential for improvement and advice on strategies
• Ensure compliance and observance of global IT security guidelines as well as applicable norms, standards and laws
• Audit compliance with information security policies
• Ensure the protection of the data and information in products and solutions
• Review information security concepts from the development team

Skills: Security Compliance, Risk Management, ISO27001 Implementation, Security Audits, OWASP Knowledge, Policy Enforcement, Regulatory Projects, Data Protection

• Advise on information security best practices and standards
• Liaise between information security and stakeholders
• Build a data protection-first and secure-by-design culture
• Participate in scheduled audits and factor in ad-hoc audits
• Ensure that information security KPIs are maintained
• Ensure that non-conformities are fully documented and tracked
• Engage with non-conformance action owners to address and close findings
• Engagement with risk managers concerning audit findings
• Improve policies, standards, and procedures for compliance frameworks
• Develop a broad compliance-driven culture through engagement and awareness
• Monitoring of technology risks and non-conformities

Skills: Security Advisory, Stakeholder Liaison, Audit Support, KPI Tracking, Risk Monitoring, Policy Improvement, Compliance Culture, Issue Management

• Lead and execute information security assessments
• Automate frequently executed controls to drive efficiency and increase coverage in assessments
• Monitor and report on the progress of the ongoing projects
• Engage with the clients to understand the requirements, provide regular updates on project status, answer queries and present the reports and findings
• Stay updated with the latest developments in the information security space
• Contribute to the development of tools and knowledge banks
• Monitor the security logs, events and implement appropriate strategies to address any issues that may arise
• Obtain a thorough understanding of all components of system conversions to perform competent assessments across various phases of the SDLC
• Create, review and maintain security policy, standards and procedures
• Provide expertise in compliance programmes, e.g., Cyber Essentials, ISO27001, GDPR
• Conduct vendor and partner security reviews
• Responding to and investigating threats and incidents
• Creating and implementing new ways to automate and improve security across the business
• Support clients with assurance and audit questionnaires

Skills: Security Assessment, Control Automation, Client Engagement, Policy Management, Threat Response, Compliance Expertise, Security Monitoring, Vendor Review

• Administer classroom training, electronic learning, multimedia programs, and other computer-aided instructional technologies, simulators, conferences, and workshops
• Observe and evaluate the results of courses to improve the effectiveness of the programs
• Assist with developing and designing compliant training modules for a technical workforce
• Learn the business environment and basic risk management approaches
• Support continued efforts with asset discovery, network visualization, vulnerability assessment, risk monitoring and threat detection within the OT Networks
• Develop IT solutions across an expanding infrastructure
• Strengthen security capabilities and resistance
• Oversee Microsoft MFA endpoint management to protect essential systems and information
• Create user technical training guides
• Maintain the Thycotic PAM systems to inhibit and block unauthorised software usage
• Maintain the IT Risk Register and review

Skills: Training Delivery, Course Evaluation, Risk Awareness, Threat Detection, MFA Management, PAM Administration, User Training, Risk Review

• Determine the inherent risk of third-party service(s) and provide appropriate security contractual obligations (i.e., security exhibit) with the applicable vendor agreement
• Collaborate with Supply Chain Management and Legal departments
• Provide advice and guidance regarding information security provisions within a given contract agreement
• Participate in meetings, prepare risk consideration reports, and maintain electronic and paper documentation
• Update and maintain internal reporting, network folders, and department databases
• Analyze responses to in-depth information security questionnaires that are completed by new and existing service providers
• Review evidence provided by the third-party supplier to ensure effective implementation of described controls, such as internal and external audit reports, PEN test results, policies, standards, procedures, onboarding and termination processes, etc.
• Document results in a formal report and present information to key technology and business process stakeholders to promote awareness and determine remediation requirements
• Owns work process/issues from inception through execution and implementation involving boundary partners
• Work review typically involves periodic review of output by supervisor and/or direct “customers” of the process

Skills: Third-Party Risk, Contract Review, Security Guidance, Risk Reporting, Data Management, Evidence Analysis, Control Validation, Stakeholder Communication

• Lead and set security architecture strategy in close partnership with the business
• Provide security, architectural and technical guidance to support information system and infrastructure design, improvements, and planning
• Assess current and planned information systems to identify Information Security architecture issues and design solutions for gaps
• Gather technical and business requirements, develop roadmaps and communicate the Information Security architecture strategy
• Ensure that the Information Security architecture can be traced to specific business requirements, policies and principles that enable business objectives and reduce risk
• Document current security architecture, research best practices, conduct trend analysis, and identify gaps in developing future state Information Security architecture
• Develop strategic vision and roadmaps to advance the organization's security capabilities and align with business goals
• Develop security design patterns for protecting web, middleware, database and emerging technology paradigms such as cloud and mobile computing
• Provide thought leadership via public speaking, expert counsel, and research with a focus on emerging technologies
• Become a trusted advisor within the organization and a mentor to other senior staff
• Maintain operational security posture for information systems and programs to ensure information systems security policies, standards, and procedures are established and followed
• Assist with the management of the security aspects of the information security
• Perform day-to-day security operations of the system
• Evaluate security solutions to ensure they meet security requirements for processing classified information

Skills: Security Strategy, Architecture Design, Risk Assessment, Requirement Gathering, Gap Analysis, Roadmap Development, Design Patterns, Security Operations

• Identify and develop mitigation strategies for cybersecurity threats and security vulnerabilities
• Evaluate configuration changes and their impact on the security posture of multiple enterprise cloud solutions
• Analyze Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP)
• Assess Risk Management Framework (RMF) NIST 800-53 R4 Information Assurance Controls
• Assess and assist with implementation recommendations of countermeasures or mitigating controls
• Ensure the integrity and protection of networks, systems, and applications by technical enforcement of Enterprise security policies, through monitoring and analysis of vulnerability scans and system log information
• Perform documentation requirements for periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Prepare incident reports of analysis methodology and results
• Provide guidance and work leadership to less-experienced technical staff members and customers
• Interpret results from network/server/application scanning tools such as Tenable Nessus, Checkmarx and Fortify
• Interpret, document, and advise customers on emerging security, governance, and continuous monitoring policies
• Articulate cybersecurity risk to senior leadership and provide recommendations for remediation/risk acceptance
• Develop and/or support the successful development of cybersecurity processes and procedures
• Explain inheritance models and resources

Skills: Threat Mitigation, Cloud Security, STIG Analysis, RMF Assessment, Policy Enforcement, Vulnerability Scanning, Incident Reporting, Risk Communication

• Working collaboratively between the Security Platforms, Security Intelligence and Software Security Programs
• Learning how MassMutual translates information about the cyber threat landscape into actionable intelligence that drives prioritization of building new cybersecurity capabilities and programs
• Applying this knowledge about the external threat landscape to help build these new capabilities including the use of data science techniques and a data model-driven approach
• Maintaining a professional development plan to continue to learn and apply new skills to ensure a career path that enables continued growth and opportunity
• Conduct in-depth security standard gap assessments with business and technology partners
• Research and understand emerging information security threats and their impact on the business environment and therefore on security requirements and standards
• Evaluate authoritative sources and frameworks to understand the appropriateness of security standards/requirements and policy statements
• Report and escalate information security risks appropriately and timely manner
• Provide recommendations to leadership on program effectiveness and enhancements
• Take full responsibility for customers asking for security expertise
• Taking into consideration that every customer has their own context
• Identify vulnerabilities in the IT infrastructure, analyse security threats and provide recommendations / best practices

Skills: Threat Intelligence, Security Collaboration, Gap Assessment, Standards Evaluation, Risk Escalation, Customer Advisory, Vulnerability Analysis, Policy Recommendation

• Mainly support the CIO, the CISO, the Data Protection Officer, and the Security Governance team
• Manage activities aimed at developing the IT Security Governance team's efficiency and effectiveness
• Implement ISO 27001 compliant information security policies, controls processes
• Conduct of data vulnerability assessment and penetration testing
• Planning and conducting internal audits for ISO 27001 compliance verification
• Performing data classifications and reviewing data classification reports,
• Developing risk scenarios based on chosen architectural set-ups,
• Assessing existing security controls and proposing additional required security measures by determining the final residual risk
• Analyze information systems, and their supporting IT infrastructure (Operating Systems, Databases and Network Devices), to identify risks and points for improvements
• Participate in understanding of clients’ processes and procedures in various industries
• Use knowledge of the current IT environment and industry IT trends to identify the engagement and client issues
• Serve as a key resource in delivering quality client services on IT control projects and attestation engagements
• Apply EY key principles, practices and techniques
• Engage in constant communication with clients’ personnel
• Document the outcome of the work performed
• Communicate work status and issues to the team on a timely basis

Skills: Security Governance, ISO Implementation, Risk Assessment, Data Classification, Penetration Testing, Internal Audits, Client Engagement, Infrastructure Analysis

• Provide Information Security Consultant services
• Provide Digital Forensics assistance
• Provide Penetration Testing engagement assistance
• Provide Incident Response (IR) support
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends
• Coordinate with analysts on open source activities impacting customers
• Integrate and share information with other analysts and other teams
• Develop a strategy for building a security advisory practice and determine key practice-building activities for the team
• Develop and enhance security solution offerings and assets (e.g., whitepapers, best practices, methodology, etc.)
• Identify new business development opportunities
• Develop responses to Requests for Proposals (RFP) and Statements of Work (SOW)
• Develop and sustain trusted business advisor relationships with clients
• Develop a strategy for recruiting and onboarding talented staff to meet growing project demands

Skills: Security Consulting, Digital Forensics, Penetration Testing, Incident Response, Threat Analysis, Trend Reporting, Client Relations, Practice Development

• Assist clients in meeting GRC obligations by evaluating business, technology and operations against published security standards (ex., PCI DSS, NIST, CIS or HIPAA)
• Share expertise with clients and collaborate to help make top-level decisions on strategy and scope for the client’s security assessment and be capable of interpreting the standards to fit their unique environment
• Provide clear, organized findings and recommendations to clients, tracking progress towards resolution and compliance
• Produce detailed, high-quality reports for clients and industry third parties (ex., payment card brands and the PCI Security Standards Council)
• Contribute to the team's knowledge base including methodology development and tool enhancements
• Easily juggle several concurrent client projects at any given point in time and prioritize workload to successfully meet schedules and deadlines
• Undertaking the review of ISO standards
• Conduct ad hoc risk assessments
• Monitoring all security incidents and vulnerabilities reported by Smart Energy Code (SEC) Parties and providing an expert assessment of the materiality of the security incident or vulnerability
• Monitor the threat landscape and advise on changes arising from threats or business impact levels
• Conduct analysis, produce papers and presentations
• Provide advice and make recommendations
• Maintaining and reviewing documentation including the Security Controls Framework

Skills: GRC Evaluation, Standards Interpretation, Compliance Tracking, Report Writing, Risk Assessment, Threat Monitoring, Client Advisory, Framework Maintenance

• Oversee the implementation and maturation of security controls in China against local and global information security and data protection regulations and industry-recognized security frameworks and standards (e.g., NIST CSF, NIST 800-53, and ISO 2700x)
• Engage with business partners and Dell’s China leadership team, customers, other external stakeholders and governmental authorities, inspiring confidence in Dell’s overall security posture and brand, through direct consultations and industry engagements
• Coordinate country-specific compliance activities with existing SRO programs and initiatives related to information security and data protection
• Implement Dell’s information security response plan
• Complete data security risk assessments
• Facilitate security education and training drills
• Handling of data security complaints
• Engage, as a technical subject-matter expert, directly with stakeholders within Dell’s Business Units and Information Technology organizations to ensure products, services and solutions are designed to adhere to identified security requirements, controls and best practices
• Integrate security and resiliency risk insights and advice into regional business operations through forward-leaning engagement and deep integration with regional business unit and IT management activities to determine corrective action plans in support of CISO objectives
• Develop and maintain comprehensive documentation of evaluations performed and findings, risks and/or issues identified
• Perform and Report Application audits, Vulnerability Assessments/Penetration testing for IT infrastructure including network devices, operating systems, Databases, applications, etc.
• Conducting application security testing ( manual and automated), source code review, and providing recommendations for the mitigation of vulnerabilities
• Develop scripts, frameworks and custom codes to automate scans using open source tools
• Understanding of TCP/IP protocol suite, network security concepts and devices
• Manage Audit assignments, meet deadlines and manage stakeholder expectations

Skills: Control Implementation, Stakeholder Engagement, Compliance Coordination, Risk Assessment, Security Training, Vulnerability Testing, Code Review, Audit Management

• Strategic skills to assist with the development of a long-term vision for the firm's risk management, security framework and approach
• Ability to appropriately balance firm security needs with business impact and benefit
• Ability to build relationships across K+C internal operations teams
• Ability to work well with others to facilitate and enhance the understanding and compliance with security policies
• Experience with conducting risk, impact and vulnerability assessments, vendor and third-party risk assessments and recommending risk remediation strategies
• Knowledge of or experience working with common information security standards, such as ISO 27001/27002, NIST, PCI and COBIT
• Knowledge of or experience with cloud technology solutions, API, Webhooks and plugins
• Extensive experience in the information security aspects of Infrastructure Security
• Must have the ability to research and understand complex technology as well as Information Security Industry best practices and associated risks
• Must have excellent verbal and written communication skills to convey complex technology to others with different technical backgrounds
• Solid organizational skills, able to work effectively with minimal guidance
• Ability to research, analyze, and identify improvements to quantify minimum expectations for technology implementations and risk mitigation programs

Qualifications: BA in Business Administration with 8 years of Experience

• Work experience in information security, program/project management, or similar capacities
• Strong understanding of information security concepts and ability to apply them at scale
• Demonstrable experience independently investigating complex security matters, interpreting and mapping them to regulatory contexts and explaining the situation to both technical and non-technical stakeholders
• Experience in technical concepts similar to cloud computing environments such as logical access control, agile development process, secure coding principles, security architecture, information security, network security, and privacy
• Written and verbal communication skills across technical and non-technical stakeholders and attention to detail
• Experience performing information security risk assessments and control gap assessments
• Analytical, problem-solving, negotiation and organisational skills with clear experience under pressure
• Experience driving projects end-to-end independently, including evaluating, defining and improving end-to-end processes
• Experience in influencing stakeholders and partner teams, especially in collaborating with different individuals across the organisation and within other geographies
• Experience managing competing priorities and simultaneous/concurrent projects in a fast-paced environment
• Strategic thinker with analytical and technology-focused problem-solving experience
• Experience in demonstrating negotiation and conflict management
• Experience with executing day-to-day activities required for the development and tracking of information security initiatives, including the communication and management of policies, controls, and practices
• Experience in the development of strategic roadmaps for security and privacy programs
• Experience working with Security Controls across security domains such as Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security, etc
• Experience working with leadership and engineers
• Capable of both working independently and collaboratively across various levels and teams

Qualifications: BA in Risk Management with 12 years of Experience

• Good client-facing skills / Interpersonal skills
• Experience in information security, or willing to learn
• Experience in Information system risk assessment, or willing to learn
• Experience in areas of information security/cybersecurity with foundational knowledge of general application, cloud and network security concepts
• Written and verbal fluency in English and Mandarin
• Strong knowledge and understanding of information security practices and policies, including Information security frameworks, standards, best practices and information security and data protection regulations
• Ability to drive and integrate complex, multi-functional, cross-organizational initiatives
• Demonstrates thought leadership and possesses best practice awareness across functional areas of responsibility
• Experience liaising with governmental officials, regulatory agencies and customers and with Legal and Government Affairs teams on security and data protection issues
• Must have Information Security Certification(s), e.g., CISSP, CISM, CCSP, CCSK, AZ-500, MS-500

Qualifications: BS in Computer Science with 7 years of Experience

• Experience in ISO27001 requirements
• Experience in UK data protection, CCPA and HIPAA
• Strong knowledge of PCI DSS
• Ability to multitask and react very quickly to business requirements
• Effective interpersonal skills to build and maintain relationships
• Proficient in computer skills, especially Microsoft Office applications
• Ability to train others and build a sustained compliance culture
• Experience in e-commerce or online retail
• Experience in cloud hosting services
• Experience in the service industry (Hotel, restaurant, SPA, gym)

Qualifications: BA in Information Technology with 5 years of Experience

• Experienced in Information Security and related topics such as Testing and Assurance, Cyber Security, Data Privacy, Continuity and Resilience
• Knowledge of control and risk management processes
• Ability to frame decisions in terms of risk
• Ability to make risk judgments
• Excellent planning skills and a high level of organization to meet specific targets and objectives
• Able to work with others across the organization, building relationships and trust
• Excellent communication skills, both in presentation and writing, with stakeholders
• Understanding of Governance and Risk principles
• Must have recognized professional information security qualification, e.g., Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP)
• Experience in the implementation of information and cybersecurity solutions across a variety of technologies
• Experience working in Financial Services, Investments, or Asset Management environments
• Ability to balance security with other factors or concerns
• Experience in managing threats and risks in a sophisticated environment and in particular balancing these against business requirements
• Able to research and interpret, including trend analysis
• Must have a willingness to seek and understand the various security regulations and statutes
• Ability to confidently represent business on a range of security topics to external parties including clients, regulators, and suppliers

Qualifications: BA in Communication Studies with 10 years of Experience

• Previous technology security consultancy experience
• Good understanding of some of the information security requirements and knowledge of applicable regulations and standards, e.g., ISO 27002, ISO 27001:2013, ISO 13335, ISO 13569, Data Protection Act (2018), RMADS, EU Data Protection Directive and PCI DSS
• Knowledge of IT security solutions and their integration and operation into business systems and processes
• Experience in using a formalised security risk management methodology
• Experience in ITIL and/or Prince2
• Experience in ISO 27001/2 and/or ISF
• Experience with cloud and SaaS security
• Good technical and analytical skills across a range of technologies (particularly Windows, networks, Linux, Oracle, web applications)
• Proven experience in working with 3rd party security providers

Qualifications: BS in Network Security with 6 years of Experience

• Knowledge of Threat Monitoring Procedures
• Ability to comply with any regulatory requirements
• Demonstrated knowledge and understanding of cyber risks and threats related to cyber attackers
• Good understanding of security trends/threats/market analysis, and regularly attends threat forums
• Understanding of information security constraints and best practices
• Able to contribute to architecture sessions on security tools in complex environments
• Proven experience delivering continuous service improvements for the business
• Must have ISO27001 and/or PCI-DSS qualification

Qualifications: BS in Information Assurance with 4 years of Experience

• Experience in the field of Information Security, Information Management and/or IT Controls with expertise
• Good understanding of the enterprise architecture, business functions and operations
• Domain knowledge in Cybersecurity, including governance, IT infrastructure security and risk management, cyber program assessments including cyber transformation and enterprise resilience
• Demonstrate excellent interpersonal skills, inspire teamwork and responsibility with engaged team members
• Very good command of English
• Must have the ability to analyze and problem-solve 
• Ability to work effectively as a team member, observant with an eye for detail
• Ability to critically review IT processes to identify control gaps and weaknesses
• Ability to liaise with stakeholders and strong project management skills
• Must have Professional certificates in CISA, CISSP, CISM, ISO27001

Qualifications: BS in Electrical Engineering with 6 years of Experience

• Previous experience with DLP products
• Working knowledge of M365 Compliance and Security Center
• Experience working in Information Security, Information Technology, Consulting, Operational or Enterprise Risk, or Compliance roles
• Analytical ability, consultative and communication skills, teamwork, and strong judgment
• Understanding of Information Security frameworks and Information Technology
• Demonstrated experience and success with senior management service delivery and communication to include product deliverables, conference calls/meetings, consulting process interviews/workshops, and briefings
• Knowledge of ISO 27001, HIPAA/HI-TECH, COBIT, International data protection requirements, GDPR, and Privacy Shield
• Previous experience as a Security Architect, Security Manager, or equivalent
• Solid background with experience in managing system delivery, including SDLC and security tools and technologies
• Familiarity with standard network security technology solutions, e.g., firewall, router, VPN, IDS
• Understanding network protocols, network topologies, virtual infrastructure, network segmentation, operating systems, databases, applications, and mobile security
• Experience designing security in large public cloud technologies (AWS/Azure/GCP)
• Excellent organizational, written, and verbal communication skills
• Solid knowledge of Security and Technology Architecture
• Ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity

Qualifications: BS in Information Technology Management with 9 years of Experience

• Ability to work independently to execute all tasks required with minimum oversight
• Subject matter expertise in health authority information security policies, practices and standards
• Knowledge of Information Security concepts, tools and practices
• Knowledge of how to conduct information security and risk-related audits and assessments, particularly in a Canadian/BC Health Authority environment
• Experience providing advisory services to management and staff to ensure information security is considered in the design and/or redesign of programs, services, projects and initiatives
• Experience providing monitoring and oversight of information security controls
• Experience with implementing and managing SIEM tools
• Must have Certified in Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), SANS/GIAC security certification, or an equivalent combination of education, training and experience

Qualifications: BS in Computer Networking with 4 years of Experience

• Must have professional information security 
• Strong understanding of the threat landscape
• Expertise in one or more of the following areas: Incident Response, Security Operations, Security Governance, Threat Intel, Cloud Security, Architecture, Data Protection, Network Security, Endpoint Security, IAM
• Basic understanding of regulatory requirements such as GDPR
• Basic understanding of security frameworks, such as ISO 27001, NIST 800-53, HIPAA/HITECH, or PCI DSS
• Basic knowledge of tools used in security event analysis, incident response, computer forensics, malware analysis or other areas of security operations
• Basic understanding of networking, including TCP/IP protocols and network topology
• Basic understanding of security controls for common platforms and devices
• Ability to successfully communicate with a range of technical and executive stakeholders
• Ability to explain technical details in a clear and concise manner

Qualifications: BS in Digital Forensics with 5 years of Experience

• Must have CISSP, CISM or similar industry certification
• Experience in Vulnerability Management or related field
• Expert knowledge of the Vulnerability Management process, including vulnerability identification, false negative/positives identification and elimination
• Strong knowledge of Qualys, Nexpose or Nessus, including configuration and maintenance, scan execution, agent deployment and oversight
• Experience of industry standards relating to Vulnerability Management, including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP)
• Experience in technology and security topics, including operating systems, network security, protocols, application security, infrastructure hardening and security baselines
• Previous experience working in large-scale environments with diverse technologies
• Good knowledge of scripting languages 
• Experience with enterprise multi-cloud commercial and hybrid security systems integration
• Hands-on development experience and working knowledge of web application languages and frameworks
• Hands-on development experience on internet/enterprise identity management systems (CA, Biometrics, OIDC, etc.)
• Wide knowledge of local compliance requirements, international/domestic standards (ISO27001/SOC2 certification, CCSL, security controls and their rationale), and best practices in network, system, and application security
• Understand the container, K8s, key management security, and provider suggestions of configuration
• Able to build reports from ERPM and IIQ to be integrated into Tableau

Qualifications: BS in Data Science with 9 years of Experience