Job Summary: 

• Create and manage information security strategies.
• Build and manage IT security governance (policies and processes).
• Oversee information security audits, whether performed by an organization or third-party personnel.
• Drive security within the infrastructure and IT technical teams.
• Control access for the production environment, development environment, internal systems, and data warehouse.
• Research and implement new detection technologies and methodologies proactively.
• Manage the assessment of the current technology architecture for vulnerabilities, weaknesses, and possible upgrades.
• Implement and oversee remediation, improvements, and fixes to the information security environment from items identified through audit work.
• Communicate information security goals and new programs effectively with other department managers within the organization.
• Create and apply a security framework, ensuring it is consistently adhered to.
• Develop and provide appropriate awareness training, plans, and communication.

Skills on Resume: 

• Security Strategy (Hard Skills)
• IT Governance (Hard Skills)
• Audit Management (Hard Skills)
• Infrastructure Security (Hard Skills)
• Access Control (Hard Skills)
• Threat Detection (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Security Communication (Soft Skills)

Job Summary: 

• Establish and maintain the corporate-wide Information Security governance framework and program.
• Maintain and implement Information Security policies, guidelines, and procedures.
• Conduct periodic Information Security risk assessments.
• Ensure compliance with external Information Security regulations.
• Manage the corporate-wide Information Security awareness program.
• Review and maintain access management controls for business-critical applications.
• Review and maintain change management controls for the internal software development team.
• Review and maintain IT operations change controls for the internal infrastructure team.
• Conduct periodic disaster recovery tests.
• Continuously review and refine the configuration of Information Security monitoring tools.
• Lead activities within the Incident Management process.
• Participate in reviews of third-party and service provider legal agreements.

Skills on Resume: 

• Governance Framework (Hard Skills)
• Policy Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Awareness Training (Soft Skills)
• Access Control (Hard Skills)
• Change Management (Hard Skills)
• Disaster Recovery (Hard Skills)

Job Summary: 

• Manage security compliance engagement activities and support existing compliance controls.
• Collaborate with cross-functional teams to integrate control requirements.
• Manage, document, and communicate compliance requirements, timelines, and roadmaps to stakeholders.
• Manage risks and work with project teams to resolve issues.
• Track and report on compliance-related remediation activities.
• Provide ongoing guidance and consultation to the organization.
• Collaborate with support teams to design and implement an automated control strategy.
• Develop and maintain a strategy for a centralized audit evidence repository for all security compliance.
• Stay current on changes to laws, regulations, and NIST frameworks.

Skills on Resume: 

• Compliance Management (Hard Skills)
• Cross-Functional Collaboration (Soft Skills)
• Requirement Communication (Soft Skills)
• Risk Management (Hard Skills)
• Remediation Tracking (Hard Skills)
• Guidance Provision (Soft Skills)
• Control Automation (Hard Skills)
• Audit Strategy (Hard Skills)

Job Summary: 

• Coordinate security assessment and accreditation activities.
• Address legal and administrative constraints related to the handling of restricted data.
• Define, design, and implement an Information Security Management System (ISMS).
• Conduct risk assessments of information systems and the global infrastructure of the secure network.
• Establish and implement a structured process for assessing IT security threats and vulnerabilities.
• Develop a security plan and write and implement information security policies and related operating procedures.
• Define security tests and participate in their execution.
• Develop and maintain business continuity and disaster recovery plans.
• Perform risk assessments and ensure mitigation activities are in place.
• Report findings and progress to management.

Skills on Resume: 

• Security Assessment (Hard Skills)
• Data Compliance (Hard Skills)
• ISMS Implementation (Hard Skills)
• Risk Assessment (Hard Skills)
• Threat Analysis (Hard Skills)
• Policy Development (Hard Skills)
• Security Testing (Hard Skills)
• Business Continuity (Hard Skills)

Job Summary: 

• Manage the security team, including day-to-day operations, project management, cross-functional coordination, hiring, mentoring, and staff development.
• Promote a security-conscious culture throughout the organization as a security advocate.
• Own, evolve, and drive the organization’s security roadmap.
• Collaborate with Compliance to improve and maintain information security policies and guidelines.
• Lead the security team in engineering and implementing practices and tools that ensure security policies are followed during product development.
• Analyze, design, implement, and manage information security services, including services in cloud environments such as AWS.
• Perform and oversee periodic internal security audits to ensure systems and infrastructure are updated with the latest security patches.
• Develop technical solutions and new security tools to mitigate vulnerabilities and automate repeatable tasks.
• Enhance security over time by identifying risks and proposing innovative techniques and solutions to address them.

Skills on Resume: 

• Team Leadership (Soft Skills)
• Security Advocacy (Soft Skills)
• Security Roadmap (Hard Skills)
• Policy Collaboration (Soft Skills)
• Secure Development (Hard Skills)
• Cloud Security (Hard Skills)
• Security Audits (Hard Skills)
• Risk Innovation (Hard Skills)

Job Summary: 

• Develop and take ownership of internal security policies, documentation, consultation, and support to management and associates.
• Spearhead education and awareness while leading company-wide compliance.
• Support all departments to identify security risks and provide solutions in data, processes, and projects.
• Conduct internal audits and remediation to comply with operational and legal regulations.
• Perform root cause analysis on security incidents and evaluate and define countermeasures.
• Act as company liaison for corporate governance functions.
• Provide ongoing support to internal stakeholders to facilitate their business objectives.
• Propose realistic and reasonable solutions for the intentions, goals, and strategies of information security and data protection.
• Offer practical and pragmatic solutions on the interpretation and implementation of standards, policies, and requirements.
• Support projects and teams by proposing rational solutions.
• Minimize vulnerabilities, residual risk, and deviations from policies.

Skills on Resume: 

• Policy Management (Hard Skills)
• Awareness Training (Soft Skills)
• Risk Identification (Hard Skills)
• Internal Audits (Hard Skills)
• Incident Analysis (Hard Skills)
• Governance Liaison (Soft Skills)
• Stakeholder Support (Soft Skills)
• Risk Mitigation (Hard Skills)

Job Summary: 

• Provide expertise in compliance programs for regulatory and compliance frameworks such as PCI DSS, PSD2, and ISO 27001.
• Create, review, and maintain security policies, standards, and procedures.
• Coordinate internal and external reviews for security frameworks such as PCI DSS.
• Define and manage security processes.
• Conduct annual reviews of existing vendors.
• Report security status and events to management.
• Identify and implement new methods to automate and improve security across the organization.
• Review and critique security designs during architectural design reviews.
• Identify problem areas, propose multiple solutions, and educate stakeholders on risks and opportunities.
• Measure and monitor the effectiveness of the security controls framework and maintain the Information Security Management System (ISMS).

Skills on Resume: 

• Compliance Expertise (Hard Skills)
• Policy Development (Hard Skills)
• Framework Reviews (Hard Skills)
• Process Management (Hard Skills)
• Vendor Assessment (Hard Skills)
• Security Reporting (Hard Skills)
• Security Automation (Hard Skills)
• Design Review (Hard Skills)

Job Summary: 

• Own security risk management processes and policies.
• Manage compliance activities, including internal and external auditing.
• Lead incident management processes.
• Manage people and support learning and development initiatives.
• Report to and manage relationships with internal and external stakeholders.
• Act as a key lead within Information Security and IT functions during technical transformations.
• Perform day-to-day and ad hoc tasks to support the business within the Information Security and Cyber function.
• Manage, implement, and maintain the Information Security Management System (ISMS).
• Deliver awareness and training programs for employees.
• Drive information security awareness across the company.
• Test existing controls to ensure effectiveness.
• Work closely with stakeholders to ensure they are aware of and able to remediate vulnerabilities.
• Track Key Risk Indicators (KRIs) and provide periodic updates to stakeholders and senior management.

Skills on Resume: 

• Risk Management (Hard Skills)
• Compliance Auditing (Hard Skills)
• Incident Management (Hard Skills)
• People Management (Soft Skills)
• Stakeholder Relations (Soft Skills)
• Technical Leadership (Hard Skills)
• ISMS Management (Hard Skills)
• Security Awareness (Soft Skills)

Job Summary: 

• Define project scope and objectives.
• Initiate, plan, execute, and complete project plans.
• Interface with all areas affected by projects, including CISO, business units, IT leadership, vendors, procurement, legal, HR, and finance teams.
• Provide direction and mentoring to junior team members.
• Plan and manage resource allocation and task assignments within the project team.
• Coordinate the local team in alignment with the global Information Security area managers.
• Review Data Protection Impact Assessments (DPIAs) and perform third-party risk assessments.
• Perform threat management and threat modeling, identify threat vectors, and propose mitigation techniques.
• Create reports, dashboards, and metrics for senior management.
• Ensure compliance with all applicable standards and regulations, such as MLPS and GB 2020.

Skills on Resume: 

• Project Management (Hard Skills)
• Cross-Functional Coordination (Soft Skills)
• Team Mentoring (Soft Skills)
• Resource Planning (Hard Skills)
• Risk Assessment (Hard Skills)
• Threat Modeling (Hard Skills)
• Security Reporting (Hard Skills)
• Regulatory Compliance (Hard Skills)

Job Summary: 

• Design and implement security strategies, frameworks, and objectives aligned with business needs.
• Oversee the execution of vulnerability assessment and penetration testing activities across the organization.
• Lead security awareness initiatives, with a strong focus on the technology department.
• Assess applicable threat advisories from various sources, determine mitigating controls, and propose action plans.
• Lead and conduct risk assessment activities across the business.
• Collaborate with technology departments, including IT Operations and IT Service Delivery.
• Build a Centre of Excellence on information security practices to support internal stakeholders.
• Partner closely with business, product, and technology stakeholders to provide clear direction and guidance for managing risks appropriately.
• Foster a risk and control culture focused on proactive awareness and continuous improvement of the control environment.
• Perform gap assessments against best practices and regulations, and lead audits and certification processes.

Skills on Resume: 

• Security Strategy (Hard Skills)
• Penetration Testing (Hard Skills)
• Awareness Initiatives (Soft Skills)
• Threat Analysis (Hard Skills)
• Risk Assessment (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Control Improvement (Hard Skills)
• Audit Management (Hard Skills)

Job Summary: 

• Review systems, services, and work practices to identify security weaknesses.
• Update and implement security strategies to manage identified risks.
• Develop documentation required to achieve security compliance.
• Investigate major security breaches and recommend control improvements.
• Maintain a security risk register.
• Build strong relationships with key stakeholders across the organization.
• Provide security training and advice to external customers.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features applied to systems are implemented appropriately and functionally.
• Identify opportunities for continuous improvement of technology standards and processes.
• Provide subject matter expertise on a broad range of information security standards and best practices, such as NIST, SOC 2, and ISO 27001.

Skills on Resume: 

• Security Review (Hard Skills)
• Risk Management (Hard Skills)
• Compliance Documentation (Hard Skills)
• Incident Investigation (Hard Skills)
• Risk Register (Hard Skills)
• Stakeholder Relations (Soft Skills)
• Security Training (Soft Skills)
• Standards Expertise (Hard Skills)

Job Summary: 

• Perform internal controls activities, follow internal security compliance policies, and conduct annual controls processes.
• Ensure security compliance documents such as the Business Continuity Plan, Disaster Recovery Plan, Emergency Alternative Procedures, Business Impact Assessment, Records Management, and Data Field Inventory/PII are up to date and complete.
• Participate in internal audits, provide required information to auditors, ensure accurate scoring for IT applications, and remediate issues.
• Perform ongoing reviews, updates, and tasks, including stewardship documentation for applications, application repository system updates, and support user list management.
• Implement technical security capabilities and controls in line with organizational policy to ensure the protection of assets.
• Assess the security capabilities of critical third parties, review contracts and associated risk profiles, and coordinate security interventions for remediation.
• Enhance information security capabilities as a source of solutions and drive accountability within the First Line of Defense.
• Use testing results such as penetration testing, vulnerability scanning, and vetting tools as primary data sources for risk mitigation, gap elimination, and vulnerability identification and remediation.
• Act as an ambassador for information security policies and standards and contribute to their development.
• Identify application vulnerabilities and document mitigation plans or define security requirements for application development teams.

Skills on Resume: 

• Internal Controls (Hard Skills)
• Compliance Documentation (Hard Skills)
• Audit Support (Hard Skills)
• System Reviews (Hard Skills)
• Technical Controls (Hard Skills)
• Third-Party Security (Hard Skills)
• Risk Mitigation (Hard Skills)
• Security Advocacy (Soft Skills)

Job Summary: 

• Lead the planning, implementation, and tuning of technical information security safeguards.
• Coordinate building requirements, product evaluations, and proofs of concept, and document the effectiveness of tools and technologies to meet organizational needs.
• Execute the implementation and operationalization of technical security safeguards.
• Continuously identify gaps and opportunities for improvement in security safeguards.
• Provide consultative advice to ensure the security design of safeguards aligns with business needs and overall security governance.
• Apply a risk-based approach in control selection and implementation.
• Document and maintain designs for new or improved security controls and create work instructions for Security Operations personnel.
• Create security standards and procedures.
• Stay current with evolving security threats, trends, and controls.
• Engage and collaborate with vendors on projects and security control improvements.
• Support business projects by providing information security expertise and knowledge of applicable security controls.

Skills on Resume: 

• Security Safeguards (Hard Skills)
• Product Evaluation (Hard Skills)
• Safeguard Implementation (Hard Skills)
• Gap Analysis (Hard Skills)
• Security Consulting (Soft Skills)
• Risk-Based Controls (Hard Skills)
• Control Documentation (Hard Skills)
• Security Standards (Hard Skills)

Job Summary: 

• Oversee key areas of the Information Security Program, including vulnerability management, data protection, and risk management.
• Establish and coordinate remediation and mitigation activities for identified security risks.
• Provide subject matter expertise in information security and define key security program elements.
• Maintain security policies, standards, guidelines, processes, and procedures to ensure ongoing protection of information assets.
• Ensure technical security controls and technologies are properly maintained and resourced.
• Design and implement public cloud security architectures in AWS and Azure.
• Design and implement security controls that support frameworks such as NIST, SOC 2, and SOX.
• Deliver both strategic and tactical security guidance for IT, Engineering, and DevOps initiatives.
• Integrate security checks into existing and new systems.
• Embed security controls into Engineering and DevOps pipelines, including build automation and configuration management.
• Design and implement network-based and host-based security tools.
• Design, implement, and integrate diverse security solutions into an analyst-friendly security analytics platform.

Skills on Resume: 

• Vulnerability Management (Hard Skills)
• Risk Mitigation (Hard Skills)
• Security Expertise (Hard Skills)
• Policy Management (Hard Skills)
• Technical Controls (Hard Skills)
• Cloud Security (Hard Skills)
• Framework Compliance (Hard Skills)
• DevOps Security (Hard Skills)

Job Summary: 

• Plan and manage an enterprise-level security monitoring program that identifies, reviews, analyzes, communicates, and tracks security control deficiencies.
• Monitor and coordinate security incident response activities for major local or enterprise-wide security incidents.
• Advise stakeholders as an IT Security subject matter expert on risks and risk mitigation strategies.
• Drive improvement processes in collaboration with system and application owners, third-party service providers, and information security officers.
• Plan and coordinate external security audits and follow up on findings with relevant action owners.
• Support the design of an IT Security roadmap aligned with industry standards and best practices.
• Collaborate with internal and external IT organizations on strategic and tactical plans for information security and major system changes.
• Ensure information security standards and risks are addressed early in major changes and projects.
• Conduct risk assessments on internal and external vendors, systems, and applications as part of the vendor risk assessment program.
• Participate as a member of the Information Security team in security monitoring, risk management, and compliance management activities.
• Work closely with colleagues in Risk and Compliance to ensure an aligned approach to operational risk monitoring and reporting, including information security risks.
• Educate and inform stakeholders on their information security responsibilities and associated risks.

Skills on Resume: 

• Security Monitoring (Hard Skills)
• Incident Response (Hard Skills)
• Risk Advisory (Soft Skills)
• Process Improvement (Hard Skills)
• Audit Management (Hard Skills)
• Security Roadmap (Hard Skills)
• Vendor Assessment (Hard Skills)
• Security Education (Soft Skills)

Job Summary: 

• Initiate, develop, and maintain information security policies and procedures, ensuring that security strategies are followed to meet organizational goals and standards.
• Identify and resolve security risks, perform assessments, and act as an auditor for information security.
• Document security policies and promote activities and procedures to create awareness about the significance of security within the organization.
• Prepare an information security roadmap, develop strategic plans, execute them, and monitor progress through action plans.
• Develop and direct the implementation of security standards and best practices across the organization.
• Ensure that risks posed by a variety of cyber threats are minimized.
• Collaborate with organizational functions and departments to ensure employees are aware of cybersecurity issues, trained in best practices, and applying safe and secure methods for data collection, transfer, storage, and the use of social media, mobile devices, and applications.
• Research and track the latest information technology security trends and apply them to organizational practices.
• Ensure periodic IT security audits are conducted, follow up on findings, and complete actions as planned.

Skills on Resume: 

• Policy Development (Hard Skills)
• Risk Assessment (Hard Skills)
• Security Awareness (Soft Skills)
• Security Roadmap (Hard Skills)
• Standards Implementation (Hard Skills)
• Threat Mitigation (Hard Skills)
• Cybersecurity Training (Soft Skills)
• Security Audits (Hard Skills)

Job Summary: 

• Own the Information Security function to assess, analyze, and report on security needs and drive the development and implementation of the Information Security strategy.
• Provide leadership in assessing security governance, risk, and compliance requirements across all business units and coordinate between technology groups.
• Provide security expertise across security standards, including ISO 27001.
• Maintain awareness of policies, standards, risk methodologies, regulatory and legal requirements, and reports that impact the program.
• Partner with business and technology teams to develop and enhance key risk indicators.
• Ensure effective challenge of risks through established challenge mechanisms.
• Manage a team, including hiring, performance, and development decisions.
• Support business initiatives, projects, and regulatory compliance efforts.
• Apply in-depth knowledge of information security, security policies, account security policies, and standards for logical and physical security implementations.
• Apply understanding of information security control measures as defined in ISO 27001 and conduct risk assessments.
• Perform, manage, and run information security audits.

Skills on Resume: 

• Security Strategy (Hard Skills)
• Governance Compliance (Hard Skills)
• Standards Expertise (Hard Skills)
• Risk Indicators (Hard Skills)
• Risk Challenge (Hard Skills)
• Team Management (Soft Skills)
• Business Support (Soft Skills)
• Security Audits (Hard Skills)

Job Summary: 

• Work closely with IT leadership and the Data Protection Officer to ensure appropriate security guidance is provided to relevant stakeholders.
• Develop and maintain ISMS standards, policies, operating procedures, guidelines, and architectural principles to ensure cyber and information security goals are met and aligned with organizational objectives.
• Promote security awareness by developing and implementing a security awareness and training program.
• Obtain, maintain, and manage ISO 27001 and ISO 27701 certification.
• Provide risk-based assessments for IT products and projects for current and future systems, services, and products in line with departmental strategies, including innovation and PMO projects.
• Assist with internal and external information security audits.
• Support the creation and management of risk maturity modeling.
• Manage, maintain, and remediate penetration testing and vulnerability assessment activities to identify security weaknesses within the environment.
• Develop and maintain secure technology solutions across IT operations, PMO, QA, and development teams.
• Assist in the delivery and management of key technology security platforms, including SIEM, DLP, and IDS/IPS.
• Provide technical assistance and knowledge to the Data Protection team.
• Report information security risks to the consolidated IT risk register.

Skills on Resume: 

• Security Guidance (Soft Skills)
• ISMS Management (Hard Skills)
• Awareness Training (Soft Skills)
• Certification Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Audit Support (Hard Skills)
• Penetration Testing (Hard Skills)
• Technology Security (Hard Skills)

Job Summary: 

• Define and implement the IT security operations framework, including security operations role definitions, monitoring, incident and event management, privileged access management, and overall security architecture.
• Work with IT infrastructure management to implement appropriate segregation of duties in compliance with standards and industry best practices.
• Create and promote a security-focused culture throughout the organization.
• Define, implement, document, and conduct reviews of information security policies and procedures, information security risk management, project risk management, and change management.
• Take accountability for information security policies and procedures among employees, contractors, partners, and third parties, and report on security policy lapses.
• Collaborate with business units, vendors, IT applications, and infrastructure teams during the software development life cycle.
• Ensure sufficient security controls are in place to meet information security policies and guidelines.
• Apply risk management practices in an operational environment, including audit procedures, controls, and systems hardening.
• Perform information security risk assessments and act as the internal auditor for information security processes.
• Review all system-related information security plans across the organization’s network.

Skills on Resume: 

• Security Operations (Hard Skills)
• Access Management (Hard Skills)
• Security Culture (Soft Skills)
• Policy Management (Hard Skills)
• Policy Accountability (Soft Skills)
• SDLC Security (Hard Skills)
• Risk Management (Hard Skills)
• Security Audits (Hard Skills)

Job Summary: 

• Perform technical risk analysis for corporate functional and technical areas relevant to information security.
• Assist with the management of internal audits and regulatory examinations.
• Identify and recommend changes or supplements to existing data security policies and procedures to mitigate key security risks, and partner with business areas to enhance policies and procedures.
• Initiate, facilitate, and promote information security awareness activities within the organization, including delivering training to staff.
• Oversee compliance with security policies and procedures among employees, contractors, alliances, and third parties, manage the information security incident response plan, and take corrective action.
• Oversee internal control systems by reviewing internal network activity and system access reports to ensure appropriate information access levels and security clearances are maintained.
• Monitor advancements in information security technologies as well as changes in legislation and accreditation standards affecting information security.
• Assist in coordinating projects involving organizational systems to ensure reasonable risk and security objectives are met.
• Ensure security best practices are integrated into network, system design, configuration, and implementation.
• Review and present risk assessments, disaster recovery and business continuity testing schedules and results, compliance testing, and other system or project updates to the IT committee, management team, and Board of Directors.

Skills on Resume: 

• Risk Analysis (Hard Skills)
• Audit Management (Hard Skills)
• Policy Improvement (Hard Skills)
• Security Awareness (Soft Skills)
• Incident Response (Hard Skills)
• Access Monitoring (Hard Skills)
• Technology Tracking (Hard Skills)
• Business Continuity (Hard Skills)

Job Summary: 

• Own the operational and technical side of the security function by reviewing and questioning current processes, suppliers, technologies, and ways of working.
• Collaborate with the Head of Information Security to use these insights to inform strategy.
• Partner with technologists, business SMEs, and the data compliance office to ensure teams are enabled and controls are fit for purpose, including working with squads and engineering teams to automate tasks and optimize existing processes.
• Own security operations, including incident management.
• Partner with the Managed Service Provider to strengthen security operations.
• Evolve the information security function to ensure continuous maturity.
• Recruit, lead, and support a small high-performing information security team.
• Partner with technologists to help inform and design security architecture.
• Oversee security projects and provide expert guidance on security matters for other IT projects.
• Design, coordinate, and oversee security testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.

Skills on Resume: 

• Process Review (Hard Skills)
• Strategy Collaboration (Soft Skills)
• Control Optimization (Hard Skills)
• Incident Management (Hard Skills)
• Security Operations (Hard Skills)
• Team Leadership (Soft Skills)
• Security Architecture (Hard Skills)
• Security Testing (Hard Skills)

Job Summary: 

• Assist technical and management leadership on major tasks or technology assignments.
• Establish goals and plans that meet project objectives.
• Assist in direction and control activities, taking overall responsibility for security management, methods, and staffing to ensure technical requirements are met.
• Participate in client negotiations and interface with senior management.
• Support decision-making and provide domain knowledge with a critical impact on overall project implementation.
• Provide support to plan, coordinate, and implement cybersecurity lab information security.
• Facilitate and help the lab identify its current security infrastructure and define future programs, including design and implementation of lab system security.
• Support security staff in designing, developing, engineering, and implementing solutions to security requirements.
• Implement and develop DHS IT security standards.
• Gather and organize technical information about the lab’s mission goals, needs, existing security products, and ongoing programs.
• Perform risk analyses, including risk assessments.
• Plan and lead major technology assignments.

Skills on Resume: 

• Project Planning (Hard Skills)
• Security Management (Hard Skills)
• Client Relations (Soft Skills)
• Decision Support (Soft Skills)
• Lab Security (Hard Skills)
• Solution Development (Hard Skills)
• Standards Implementation (Hard Skills)
• Risk Assessment (Hard Skills)

Job Summary: 

• Manage the development and implementation of security policies, standards, guidelines, and procedures to ensure ongoing maintenance of security.
• Maintain security-related corporate certification standards and coordinate with external consultants for independent security audits.
• Lead security investigations and forensics to determine the root cause of breaches and implement corrective actions.
• Identify vulnerabilities related to APIs, containers, services, and applications, and support developers in mitigation efforts.
• Apply metrics to measure, monitor, and report on the effectiveness of information security controls and compliance with policies.
• Perform regular vulnerability assessments to evaluate the effectiveness of existing controls.
• Oversee network security architecture, information security architecture, network access, monitoring policies, and the information security awareness program.
• Collaborate with executives to prioritize security initiatives and plan a security budget aligned with risk management needs.
• Oversee incident response planning, investigate security breaches, and assist with disciplinary and legal matters.
• Support the business in participating in security processes such as application assessments, product certification, and connectivity to the intranet and the internet.
• Provide periodic information security awareness programs.
• Participate in business continuity and disaster recovery planning.

Skills on Resume: 

• Policy Management (Hard Skills)
• Certification Management (Hard Skills)
• Forensic Investigation (Hard Skills)
• Vulnerability Management (Hard Skills)
• Security Metrics (Hard Skills)
• Network Architecture (Hard Skills)
• Incident Response (Hard Skills)
• Business Continuity (Hard Skills)

Job Summary: 

• Lead and manage the global Governance, Risk, and Compliance (GRC) process.
• Develop and maintain robust information security controls to protect solutions from security breaches and incidents.
• Establish, operate, and enhance compliance and risk management processes to ensure SOC 2 and HIPAA compliance.
• Conduct vulnerability assessments for applications and networks.
• Lead threat modeling and design reviews for applications developed or utilized within the organization.
• Conduct risk-based penetration tests and business logic tests.
• Lead the implementation of security assurance, VAPT, and application security measures.
• Design, develop, and implement process and security audits for enterprise-wide applications.
• Conduct regular security architecture and configuration reviews.
• Manage and own all aspects of network security, data security, and EUC security.
• Manage and investigate data leakage incidents if they occur.
• Oversee gap analysis for vulnerability management processes and ensure continuous security integration with SAST, DAST, and other tools.
• Identify information security risks and improve the overall information security posture of the organization.
• Review security activities and reports, providing both technical and non-technical oversight to prevent information security incidents.

Skills on Resume: 

• GRC Management (Hard Skills)
• Security Controls (Hard Skills)
• Compliance Management (Hard Skills)
• Vulnerability Assessment (Hard Skills)
• Threat Modeling (Hard Skills)
• Penetration Testing (Hard Skills)
• Security Audits (Hard Skills)
• Network Security (Hard Skills)

Job Summary: 

• Create information security strategies that implement and support business objectives over the short, medium, and long term.
• Develop and continuously improve the organizational information security management framework, prioritizing information security in line with business objectives.
• Monitor agreed KPIs to measure improvements in information security.
• Continuously monitor regulatory developments and requirements to ensure necessary compliance initiatives are implemented.
• Maintain an ongoing, proactive information security risk assessment program encompassing all new and existing information assets.
• Work with departments to facilitate risk assessment and risk management processes.
• Oversee the initiation of appropriate mitigating actions to rectify identified risks and manage risk acceptances.
• Partner with stakeholders across the organization to raise awareness of information security risk concerns at the senior level.
• Communicate risks to the Operating Board and Risk Committee in a comprehensive but non-technical manner to enable evidence-based decisions for securing information and systems.
• Advise departments on strategies to mitigate risks in information assets and information systems under their control, ensuring a coordinated organizational approach.
• Partner with internal auditors to monitor and report on departmental compliance.
• Oversee all ongoing activities related to developing, implementing, and maintaining information security policies and procedures, ensuring they meet the stated information security aims over the short, medium, and long term.

Skills on Resume: 

• Security Strategy (Hard Skills)
• Framework Development (Hard Skills)
• KPI Monitoring (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Risk Assessment (Hard Skills)
• Risk Mitigation (Hard Skills)
• Stakeholder Awareness (Soft Skills)
• Policy Management (Hard Skills)

Job Summary: 

• Lead, coordinate, and execute information security initiatives in line with the security roadmap.
• Participate in IT system projects and provide technical advice to ensure security principles are adhered to.
• Ensure all identified information security risks are mitigated and appropriate security controls are implemented throughout the project lifecycle.
• Collaborate with the IT Infrastructure team to monitor, maintain, and fine-tune existing network and security infrastructure, including endpoint security, next-generation firewalls (NGFW), encryption, email and network proxy gateways, Microsoft 365, and DLP.
• Write comprehensive reports detailing assessment findings, outcomes, and recommendations for further system security enhancements.
• Support projects, initiatives, and security activities such as security awareness programs and security incident response in collaboration with relevant teams.
• Report on security KPIs, vulnerabilities, non-compliance, and other exposures, including misuse of information assets.
• Develop, maintain, and implement security policies, standards, and procedures.
• Maintain a security risk register and remediation plans with relevant stakeholders to achieve compliance with security requirements and mitigate risks to acceptable levels.
• Conduct research and perform proof of concepts to evaluate emerging technologies while maintaining an up-to-date understanding of the latest threats, vulnerabilities, mitigations, industry best practices, and regulations.

Skills on Resume: 

• Security Initiatives (Hard Skills)
• Technical Advisory (Hard Skills)
• Risk Mitigation (Hard Skills)
• Infrastructure Security (Hard Skills)
• Security Reporting (Hard Skills)
• Incident Response (Hard Skills)
• Policy Management (Hard Skills)
• Threat Research (Hard Skills)

Job Summary: 

• Work closely with global and regional information security teams to ensure local activities, processes, and practices comply fully with global and local information security regulations.
• Collaborate with management, legal, and internal controllers to ensure policies, programs, and processes are implemented, communicated, and consistently administered in compliance with organizational objectives, policies, and regulations.
• Assist global and regional information security teams and the internal control department in conducting regular information audits and related follow-up.
• Work closely with the IT operations team to design, deploy, follow up, and review information security tools, processes, and procedures to ensure alignment with group standards and local regulations.
• Manage day-to-day vulnerability scanning and assessment processes and ensure vulnerabilities are resolved on time.
• Initiate, design, and deploy information security campaigns and activities to continuously improve end users’ security awareness across the region.
• Develop a needs assessment process and formulate an information security training schema with appropriate delivery methods, relevant topics, and post-training evaluations.
• Lead the ISP process with IT project teams, business teams, and group information security teams to ensure timely integration of security requirements.
• Collaborate with coding vendors to ensure the quality of code aligns with group standards.
• Continuously monitor and forecast regional information security trends, and provide knowledge and resources to secure the information environment.
• Lead regional and local information security projects within assigned timeframes.
• Analyze business and operational processes to identify potential information security risks and provide advice and solutions to secure the business.

Skills on Resume: 

• Regulatory Compliance (Hard Skills)
• Policy Implementation (Hard Skills)
• Audit Support (Hard Skills)
• Tool Deployment (Hard Skills)
• Vulnerability Management (Hard Skills)
• Awareness Campaigns (Soft Skills)
• Security Training (Soft Skills)
• Risk Analysis (Hard Skills)

Job Summary: 

• Manage a team of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership, coaching, and development programs for team members.
• Oversee the activities of IT security support teams for both infrastructure operations and project needs.
• Develop a security program and security projects that address identified risks and business security requirements.
• Lead the process of gathering, analyzing, and assessing the current and future threat landscape, and provide leadership with a realistic overview of risks and threats in the enterprise environment.
• Work closely with departmental managers to determine the maintenance and growth needs of security applications and tools.
• Manage production issues and incidents, and participate in problem and change management.
• Collaborate with leadership and business stakeholders to define metrics and reporting strategies that communicate security program successes and progress effectively.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, and recommend or plan the implementation of new or updated information security hardware or software, analyze its impact on the existing environment, and provide technical and managerial expertise for security tool administration.
• Work with the enterprise architecture team to ensure convergence of business, technical, and security requirements.
• Maintain a knowledge base including a technical reference library, security advisories and alerts, information on security trends and practices, and applicable laws and regulations.
• Manage day-to-day threat and vulnerability management activities, define risk tolerances, recommend treatment plans, and communicate information about residual risk.

Skills on Resume: 

• Team Management (Soft Skills)
• Security Program (Hard Skills)
• Threat Analysis (Hard Skills)
• Tool Management (Hard Skills)
• Incident Management (Hard Skills)
• Metrics Reporting (Hard Skills)
• Technical Controls (Hard Skills)
• Vulnerability Management (Hard Skills)

Job Summary: 

• Drive the team’s business processes, including executive reporting, business reviews, and senior forum or committee coordination.
• Enhance and execute daily activities and long-term strategic goals for the client protection program.
• Develop and execute a transparent and proactive communication plan within the team and with partners and stakeholders, including maintaining an intranet or digital presence.
• Assist the management team with ad hoc special projects or issues, such as budget tracking and reporting.
• Analyze and assess team processes and develop reengineering plans to continually improve products and services delivered to customers.
• Develop and maintain strong business relationships and influence change as a trusted advisor for customers.
• Partner with technology and infrastructure teams to ensure existing and new solutions are designed to meet organizational policies and standards.
• Provide strategic advice to ensure sound architecture and control effectiveness.
• Define, deliver, and maintain secure architectures in existing and future environments consisting of complex global systems.
• Provide leadership and drive risk remediation by managing risks, issues, action plans, remedies, and closure verification processes.
• Challenge assumptions methodically to best support internal customers.
• Ensure all pertinent information, risk, and control regulatory requirements and policies are understood by internal business partners, technologists, and Information Security Management staff, and ensure policies are implemented and monitored successfully.

Skills on Resume: 

• Business Processes (Hard Skills)
• Client Protection (Hard Skills)
• Communication Planning (Soft Skills)
• Process Improvement (Hard Skills)
• Business Relations (Soft Skills)
• Secure Architecture (Hard Skills)
• Risk Remediation (Hard Skills)
• Policy Implementation (Hard Skills)

Job Summary: 

• Manage technology, operational, and regulatory risks within the business line.
• Develop a comprehensive understanding of the business and the associated technology risk and control environment.
• Establish governance practices to manage and proactively identify issues and changes in the risk profile of underlying systems.
• Support application, product, and information owners in understanding the end-to-end risk posture of applications and infrastructure to ensure appropriate controls are implemented and operating effectively for both existing systems and new application development.
• Curate a robust risk and control environment, ensuring technology solutions comply with organizational risk and regulatory requirements.
• Collaborate with other control functions, including software developers, business control managers, compliance, internal audit, and external regulators.
• Drive a risk-mitigating culture to proactively identify, assess, and manage inherent risks within the technology space.
• Provide oversight and advisory services regarding regulatory and policy requirements across a wide variety of technologies.
• Promote innovation and strengthen the technology control environment by driving control optimization, education, process efficiency, and improved client experience.
• Perform security risk assessments to identify threats, risks, and appropriate mitigation strategies to support informed risk decisions.
• Develop an integrated technology control framework that balances business growth, risk mitigation, and financial returns.
• Collaborate with audit, compliance, business control management, and technology teams to drive transparent, measurable, and sustainable control improvements.

Skills on Resume: 

• Risk Management (Hard Skills)
• Governance Practices (Hard Skills)
• Control Environment (Hard Skills)
• Application Security (Hard Skills)
• Regulatory Advisory (Hard Skills)
• Risk Culture (Soft Skills)
• Control Optimization (Hard Skills)
• Security Assessment (Hard Skills)

Job Summary: 

• Develop and maintain the information security policy and accompanying standards, procedures, and guidance.
• Apply applicable data protection requirements (e.g., GDPR, HIPAA).
• Develop and deliver a programme of planned compliance reviews and ensure any gaps are addressed.
• Promote data protection and security awareness (including data protection legislation and HIPAA) by developing and implementing a training programme.
• Investigate suspected and actual security incidents/data breaches in accordance with the security incident management standard and associated legislative requirements, produce reports with recommendations, and ensure any remedial action is taken.
• Produce monthly reports on the effectiveness of the information security management system to the Information Security Joint Committee (ISJC).
• Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects, and new initiatives.
• Collaborate with external stakeholders such as potential new clients, external auditors, internal auditors, and Accreditor.
• Provide input to the wider development of the information governance strategy and business planning process.
• Maintain currency with emerging security trends, risks, new guidance or standards (internal and external), and security-enhancing technologies.
• Manage the ISM risk register encompassing risk assessments across information security and data protection.
• Support new business through the completion of RFPs and security questionnaires.

Skills on Resume: 

• Policy Management (Hard Skills)
• Data Protection (Hard Skills)
• Compliance Reviews (Hard Skills)
• Awareness Training (Soft Skills)
• Incident Investigation (Hard Skills)
• ISMS Reporting (Hard Skills)
• Stakeholder Relations (Soft Skills)
• Risk Register (Hard Skills)

Job Summary: 

• Work with cross-functional managers to develop and implement security standards, policies, and response practices for continuous improvement within the security program.
• Oversee the development, implementation, and evaluation of information security programs to ensure ongoing improvements and performance indicators for effectiveness and compliance.
• Perform compliance checks for continuous monitoring plans, such as audit log reviews, security patching, permission audits, and software and hardware configuration management, and achieve KPIs for the effectiveness of the security program.
• Ensure security measures comply with applicable policies, provide configuration management, and accurately assess the impact of modifications and vulnerabilities.
• Participate in contract agreement reviews to ensure compliance with security program requirements meets or exceeds expectations.
• Support risk registries, risk treatment plans, and exception handling processes.
• Represent the information security program during audits and third-party assessments.
• Support the review and completion of security questionnaires and develop an index to improve the efficiency of the process.
• Prepare and maintain security assessments and manage metrics with performance indicators for evaluations with the Information Security technical team, including vulnerability assessment and penetration testing outcomes.
• Ensure the effectiveness and lifecycle of documentation, presentations, and training activities for Information Security education and awareness.
• Apply cybersecurity standards, directives, and guidance, and update policies for special programs such as mergers and acquisitions, technology adoption, and new business strategies.
• Assist with investigations of security incidents by providing an independent evaluation for incident handling and determining if lessons learned and continuous improvements occurred.

Skills on Resume: 

• Security Standards (Hard Skills)
• Program Management (Hard Skills)
• Compliance Monitoring (Hard Skills)
• Configuration Management (Hard Skills)
• Contract Review (Hard Skills)
• Risk Management (Hard Skills)
• Audit Support (Hard Skills)
• Security Awareness (Soft Skills)

Job Summary: 

• Build, lead, and develop the information security team by organizing, prioritizing, and delegating work.
• Provide staff training and development and make appropriate personnel-related recommendations.
• Monitor vulnerability management, including overseeing Nessus scans and result remediation.
• Manage patching and endpoint policy compliance.
• Conduct and oversee security log reviews of services and solutions.
• Validate the success of backup program tasks and ensure recovery activities are tested.
• Manage relationships and interactions with third-party vendor dedicated SOC analysts.
• Recommend process and program improvements to enhance organizational security and compliance.
• Evaluate emerging technologies and make strategic technology recommendations to meet business requirements.
• Plan, coordinate, and implement security measures to safeguard information in computer files, databases, cloud services, and transmissions against accidental or unauthorized damage, modification, or disclosure.
• Monitor and enforce security policies and best practices, ensure compliance with security software licensing and services agreements.
• Perform risk analysis for corporate functional and technical areas relevant to information security.
• Maintain compliance and exceptions to information security policies, standards, and procedures.

Skills on Resume: 

• Team Leadership (Soft Skills)
• Staff Development (Soft Skills)
• Vulnerability Management (Hard Skills)
• Patch Management (Hard Skills)
• Log Review (Hard Skills)
• Disaster Recovery (Hard Skills)
• Vendor Management (Hard Skills)
• Risk Analysis (Hard Skills)

Job Summary: 

• Provide input into business strategy to ensure information and cybersecurity are integrated into business change and the security portfolio to meet organizational needs.
• Build and maintain effective relationships with business, technology, and cybersecurity stakeholders.
• Act as a point of contact for coordination, remediation activities, and escalation of operational risks and issues such as cyber incidents, vulnerabilities, penetration testing, application security, and DAST/SAST findings.
• Provide oversight of business-based information security controls and ensure assurance that those controls are operating effectively for local management.
• Engage with internal resources to maintain controls on an ongoing basis throughout the year.
• Assess and present risks to the business when evaluating internal security exceptions.
• Participate as a subject matter expert in business application security questionnaires.
• Assist and respond to routine support requests from the business and clients related to security, risk, privacy, and internal audit.
• Assist in the client contracting process by supporting legal resources, sales leaders, and business leaders in negotiating information security, privacy, and other requirements within contracts and service agreements.
• Conduct annual self-assessments and flag security gaps to relevant stakeholders.
• Assess compliance with information security strategies during application migrations to cloud environments.
• Work with development and internal IT teams to ensure compliance with organizational security standards.
• Manage and oversee ad hoc projects to enhance information and cybersecurity controls for the business to meet compliance requirements.

Skills on Resume: 

• Business Integration (Hard Skills)
• Stakeholder Relations (Soft Skills)
• Risk Escalation (Hard Skills)
• Control Oversight (Hard Skills)
• Risk Assessment (Hard Skills)
• Application Security (Hard Skills)
• Contract Support (Soft Skills)
• Cloud Compliance (Hard Skills)

Job Summary: 

• Support the Security department in developing and delivering the Information Security strategy.
• Design and manage security systems, including IDPS systems (e.g., SourceFire), SIEM systems (e.g., Splunk, Sentinel), and IAM/PAM systems.
• Design and implement enterprise-wide security solutions.
• Review contracts, support sales teams, and contribute to new customer development.
• Develop products and services with a focus on security.
• Manage vendor relationships.
• Continuously benchmark industry trends and standards for products and threats.
• Understand cybersecurity implications across networks, operating systems, hardware platforms, applications, and supporting services and protocols.
• Establish and maintain security programs to meet business objectives.
• Monitor Security Key Performance Indicators (KPIs) to identify trends, develop mitigation strategies, and implement recovery actions.
• Drive security solutions for endpoint protection, vulnerability management, SIEM, SOAR, data loss prevention, and EDR.
• Leverage automation, API integrations, and scripting (in various languages).

Skills on Resume: 

• Security Strategy (Hard Skills)
• System Management (Hard Skills)
• Enterprise Solutions (Hard Skills)
• Contract Support (Soft Skills)
• Secure Development (Hard Skills)
• Vendor Management (Hard Skills)
• Trend Analysis (Hard Skills)
• Security Automation (Hard Skills)

Job Summary: 

• Lead a geographically remote team to help design, manage, and build security technology processes and solutions.
• Manage a team of information security professionals, recruiting and training employees, communicating job expectations, and monitoring job performance.
• Enforce policies and procedures to ensure compliance with regulatory and legal requirements as well as security best practices.
• Contribute to the oversight and monitoring of information security risk to ensure activities align with organizational risk appetite.
• Support the implementation of physical security directives.
• Manage employees within the division.
• Support internal and external audits on information security topics.
• Review and adjust policies, principles, standards, procedures, and methodologies to ensure legal, regulatory, and contractual requirements are addressed and communicated.
• Participate in delivering company-wide information security awareness and training activities.
• Research and monitor new technologies, threats, and vulnerabilities that may impact organizational and customer environments.
• Participate in industry-relevant workshops, conventions, and working groups.
• Collaborate with and support all departments in executing company objectives.

Skills on Resume: 

• Remote Team Management (Soft Skills)
• Staff Development (Soft Skills)
• Policy Enforcement (Hard Skills)
• Risk Oversight (Hard Skills)
• Physical Security (Hard Skills)
• Audit Support (Hard Skills)
• Awareness Training (Soft Skills)
• Threat Monitoring (Hard Skills)

Job Summary: 

• Provide strategic vision for Information Assurance and Risk Management within the program.
• Assess future customer and corporate requirements in a rapidly evolving environment.
• Define, develop, review, deliver, and maintain information security policies, processes, and procedures in support of organizational requirements.
• Identify risks and issues that will impact services.
• Produce concise risk assessments to be communicated to business risk owners and drive practical remediation activities.
• Implement proportionate security controls using appropriate risk management methodologies.
• Review designs of new systems and services in line with current industry guidelines.
• Identify security requirements and work with technical experts to ensure requirements are delivered so services are secure by design.
• Deliver and maintain accreditation for services and systems.
• Scope, assess risks, and implement security controls to maintain services and systems within risk appetite.
• Review and deliver Risk Management and Accreditation Document Sets.
• Maintain targets of accreditation in accordance with relevant policies and standards.

Skills on Resume: 

• Strategic Vision (Soft Skills)
• Policy Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Remediation Planning (Hard Skills)
• Security Controls (Hard Skills)
• Secure Design (Hard Skills)
• Service Accreditation (Hard Skills)
• Risk Documentation (Hard Skills)

Job Summary: 

• Conduct proportionate through-life assurance activities, including assessment of services and systems for vulnerabilities.
• Identify requirements and scope of penetration tests and vulnerability scans, interpret results, and create remediation plans.
• Assist with investigating potential security incidents, reporting on cause analysis, and producing recovery and mitigation plans.
• Produce situational and performance reports for the Head of Security through the Security Manager.
• Work with primary suppliers to contribute to security management, development, and improvement of cybersecurity practices.
• Conduct audits and reviews of suppliers.
• Contribute to the development and maintenance of cybersecurity training and awareness programs.
• Represent security at internal meetings and attend external events and conferences.
• Remain agile and prepared to travel to other sites to attend official meetings, briefings, or training.
• Foster good working relationships, engagement, and support from senior management in support of security initiatives.
• Manage and deliver project work set by the Information Assurance Manager or the Security Manager.
• Contribute toward the maintenance of security certificates and standards such as ISO27001 and Cyber Essentials Plus.

Skills on Resume: 

• Assurance Activities (Hard Skills)
• Penetration Testing (Hard Skills)
• Incident Response (Hard Skills)
• Security Reporting (Hard Skills)
• Supplier Management (Hard Skills)
• Audit Reviews (Hard Skills)
• Awareness Training (Soft Skills)
• Certificate Maintenance (Hard Skills)

Job Summary: 

• Oversee and enforce all activities necessary to comply with the Security Rule and verify alignment with its requirements.
• Establish, update, and maintain written policies and procedures to comply with the Security Rule.
• Provide copies of policies and procedures to management and make them available for review by all applicable workforce members.
• Review and update documentation periodically to respond to environmental or operational changes affecting the security of ePHI.
• Facilitate audits to validate information security compliance efforts throughout the organization.
• Document all activities and assessments completed to comply with the Security Rule.
• Implement procedures for the authorization and supervision of workforce members who work with ePHI or in locations where it may be accessed.
• Maintain a program encouraging workforce members to report non-compliance with established information security policies and procedures.
• Investigate reported violations promptly, properly, and consistently, and take steps to prevent recurrence.
• Work with Human Resources to apply consistent and appropriate sanctions against workforce members who fail to comply with security policies and procedures.
• Mitigate, to the extent practicable, any harmful effect of a use or disclosure of ePHI in violation of policies and procedures.

Skills on Resume: 

• Security Compliance (Hard Skills)
• Policy Management (Hard Skills)
• Documentation Review (Hard Skills)
• Audit Facilitation (Hard Skills)
• Access Authorization (Hard Skills)
• Non-Compliance Reporting (Soft Skills)
• Incident Investigation (Hard Skills)
• Risk Mitigation (Hard Skills)

Job Summary: 

• Report security efforts and incidents to the administration on time.
• Assist in the administration and oversight of business associates and agreements in place with them.
• Perform ongoing compliance monitoring activities.
• Participate in the development, implementation, and ongoing monitoring of all business associate agreements to ensure security concerns, requirements, and responsibilities are addressed.
• Establish and maintain a mechanism to track access to protected health information as required by law to allow qualified individuals to review or receive reports on such activity.
• Establish and administer a process for receiving, documenting, tracking, investigating, and acting on all complaints concerning security policies and procedures in coordination with other functions and legal counsel.
• Review all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices and act as liaison for users of clinical and administrative systems.
• Maintain current knowledge of applicable federal and state information security laws and accreditation standards, and monitor advancements in security technologies to ensure organizational compliance and adaptation.
• Cooperate with the U.S. Department of Health and Human Services Office of Civil Rights, other legal entities, and organizational officers in compliance reviews or investigations.

Skills on Resume: 

• Incident Reporting (Hard Skills)
• Compliance Monitoring (Hard Skills)
• Agreement Management (Hard Skills)
• Access Tracking (Hard Skills)
• Complaint Handling (Soft Skills)
• Policy Alignment (Hard Skills)
• Regulatory Knowledge (Hard Skills)
• Legal Cooperation (Soft Skills)

Job Summary: 

• Ensure the Information Security strategy is implemented throughout the Market Area (MA) and communicate feedback from the MA back to Group Security.
• Collaborate with IT Security Managers to execute cybersecurity initiatives in the MA and coordinate activities within the MA and other relevant units.
• Act as liaison between Group Security, IT Security, and Product Security on information and cybersecurity priorities and investigations.
• Serve as liaison with hosted business area functions from an MA perspective in matters related to security.
• Ensure Information Security virtual resources are utilized efficiently across the MA.
• Participate in the development of the global ISMS and support its implementation in the MA.
• Ensure relevant ISMS/ISO 27000 series controls are implemented and ensure the Statement of Applicability (SoA) is documented.
• Develop and maintain MA-wide steering documents, processes, tools, and templates for information security.
• Ensure standard methodologies, processes, templates, and tools are shared across the MA.
• Act as a senior advisor on information security within the MA to leadership or customers, and assist in presales activities.
• Support and coordinate the handling of critical issues by customers, partners, or internal information security incidents, and act as liaison between the MA and other involved parties in investigations.
• Supervise market requirements on international information security standards and drive initiatives for alignment and certification requests.
• Represent the MA and engage in activities to raise information security awareness within the MA and ICT market space, and participate in relevant assessments and audits.
• Coordinate with other cross-MA security disciplines to ensure unified ways of working throughout the MA and take responsibility for information security training and awareness in the MA.

Skills on Resume: 

• Strategy Implementation (Hard Skills)
• Cybersecurity Coordination (Hard Skills)
• Security Liaison (Soft Skills)
• ISMS Support (Hard Skills)
• Control Implementation (Hard Skills)
• Process Development (Hard Skills)
• Security Advisory (Soft Skills)
• Awareness Training (Soft Skills)

Job Summary: 

• Define and embed an Information Security Policy Framework across the organization to support business strategy and objectives.
• Drive and deliver change to information and cybersecurity systems, processes, and procedures.
• Continuously analyze and review new security technologies and practices informed by industry best practices.
• Act as a subject matter expert and key member of the information security leadership team.
• Ensure that security standards and best practices are defined and embedded into all change initiatives, particularly project and development lifecycles.
• Work with the business to ensure prevention, identification, and detection of IT and information security risks supporting operations and key processes.
• Assist the compliance team in conducting audits of information security, service management systems, and data privacy, and identify corrective, preventative, and improvement actions.
• Identify, assess, and prioritize potential information and data governance risks across products, solutions, systems, data, people, and processes.
• Partner with business leaders to ensure effective mitigation actions and controls.
• Act as a business partner to provide information governance, security, and support to business leaders, and maintain a supporting documentation framework to fulfill customer requirements.

Skills on Resume: 

• Policy Framework (Hard Skills)
• Change Management (Hard Skills)
• Technology Analysis (Hard Skills)
• Security Leadership (Soft Skills)
• Standards Integration (Hard Skills)
• Risk Detection (Hard Skills)
• Audit Support (Hard Skills)
• Risk Mitigation (Hard Skills)

Job Summary: 

• Assess the current portfolio of systems and products to ensure adherence to best practice information security practices.
• Collaborate with Sales, Service Delivery, and Product Managers when rolling out new or existing products.
• Ensure IT, network infrastructure, and processes are designed with appropriate security practices and controls.
• Work with Sales as a customer-facing Information Security Manager to deliver customer requirements on demand.
• Lead the Customer Security Working Group (SWG) and provide progress updates on the customer security management plan.
• Provide input and support to bids and tender teams to complete information security questionnaires for new and existing businesses.
• Review security requirements within customer contracts and ensure adherence.
• Arrange vulnerability scans and penetration testing for products and services, and work with the business to remediate high vulnerabilities on time.
• Provide technical input to business continuity planning and help define disaster recovery scenarios related to data and information loss.
• Provide coaching and mentorship to leaders on information security best practices and develop a culture of strong information security awareness.

Skills on Resume: 

• Security Assessment (Hard Skills)
• Product Collaboration (Soft Skills)
• Infrastructure Security (Hard Skills)
• Customer Management (Soft Skills)
• Contract Review (Hard Skills)
• Penetration Testing (Hard Skills)
• Business Continuity (Hard Skills)
• Security Awareness (Soft Skills)

Job Summary: 

• Plan, implement, and upgrade security measures and controls.
• Establish plans and protocols to protect digital files and information systems against unauthorized access, modification, and destruction.
• Maintain data and monitor security access.
• Perform vulnerability testing, risk analyses, and security assessments.
• Conduct internal and external security audits.
• Anticipate security alerts, incidents, and disasters and reduce their likelihood.
• Manage network, intrusion detection, and prevention systems.
• Manage the incident response program.
• Recommend and install appropriate security tools and countermeasures.
• Define, implement, and maintain corporate security policies.

Skills on Resume: 

• Security Controls (Hard Skills)
• Access Protection (Hard Skills)
• Data Monitoring (Hard Skills)
• Vulnerability Testing (Hard Skills)
• Security Audits (Hard Skills)
• Incident Prevention (Hard Skills)
• Network Management (Hard Skills)
• Incident Response (Hard Skills)

Job Summary: 

• Train employees in security awareness and procedures.
• Coordinate security plans with outside vendors.
• Perform third-party risk assessments, mainly for SaaS solutions, including evaluation of SOC reports, penetration test results, security policies, and disaster recovery plans.
• Enforce and audit security controls, including discussions with managers, administrators, developers, and business users.
• Utilize and refer to NIST controls.
• Utilize and refer to NCUA ACET.
• Provide cloud security control recommendations.
• Conduct server access reviews.
• Prepare reporting dashboard metrics for management reviews.
• Understand and fulfill roles and responsibilities within the business continuity plan.

Skills on Resume: 

• Security Training (Soft Skills)
• Vendor Coordination (Soft Skills)
• Third-Party Assessment (Hard Skills)
• Control Auditing (Hard Skills)
• NIST Framework (Hard Skills)
• Cloud Security (Hard Skills)
• Access Reviews (Hard Skills)
• BCP Support (Hard Skills)

Job Summary: 

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
• Facilitate information security governance through a hierarchical governance program, including the formation of an information security steering committee or advisory board.
• Develop, maintain, and publish up-to-date information security policies, standards, and guidelines.
• Oversee the approval, training, and dissemination of security policies and practices.
• Create and manage information security and risk management awareness training programs for employees, contractors, and approved system users.
• Work directly with business units to facilitate IT risk assessment and management processes, and collaborate with stakeholders to identify acceptable levels of risk.
• Provide regular reporting on the current status of the information security program to enterprise risk teams and senior business leaders as part of enterprise risk management.
• Implement structures for roles and responsibilities regarding information ownership classification, accountability, and protection.
• Liaise with the enterprise architecture team to ensure alignment between security and enterprise architectures and coordinate strategic planning across both.

Skills on Resume: 

• Information Security (Hard Skills)
• Risk Assessment (Hard Skills)
• Governance Development (Hard Skills)
• Policy Management (Hard Skills)
• Security Training (Hard Skills)
• Team Collaboration (Soft Skills)
• Stakeholder Communication (Soft Skills)
• Strategic Planning (Soft Skills)

Job Summary: 

• Coordinate information security efforts with IT organization resources and business unit teams.
• Ensure security programs comply with relevant laws, regulations, and policies to minimize or eliminate risks and audit findings.
• Facilitate the information security risk assessment process, including reporting and oversight of treatment efforts to address negative findings.
• Monitor the external threat environment for emerging threats and advise stakeholders on appropriate courses of action.
• Facilitate a metrics and reporting framework to measure program efficiency and effectiveness, ensure appropriate resource allocation, and increase security maturity.
• Engage with related disciplines through committees to ensure consistent application of policies and standards across technology projects, systems, and services, including risk management and compliance.
• Liaise with corporate compliance, privacy, audit, legal, and HR management teams to ensure coordinated security practices.
• Manage security issues and incidents, and participate in problem and change management forums.
• Work with stakeholders to identify information asset owners and classify data and systems as part of scaling and implementation.
• Collaborate with IT and business stakeholders to define metrics and reporting strategies that effectively communicate security program progress and success.

Skills on Resume: 

• Security Coordination (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Risk Assessment (Hard Skills)
• Threat Monitoring (Hard Skills)
• Metrics Reporting (Hard Skills)
• Policy Alignment (Soft Skills)
• Cross-Functional Collaboration (Soft Skills)
• Incident Management (Hard Skills)

Job Summary: 

• Consult with IT and security staff to ensure security is included in the evaluation, selection, installation, and configuration of hardware, applications, and software.
• Recommend and coordinate the implementation of technical controls to support and enforce security policies.
• Research, evaluate, design, test, and recommend new or updated security hardware or software, analyze their impact on the existing environment, and provide expertise in administering security tools.
• Develop strong working relationships with the security engineering team to implement controls and configurations aligned with policies, legal, regulatory, and audit requirements.
• Coordinate, measure, and report on the technical aspects of security management.
• Manage outsourced vendors providing information security functions and ensure compliance with service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response, and reporting.
• Oversee day-to-day threat and vulnerability management, define risk tolerances, recommend treatment plans, and communicate information about residual risk.
• Evaluate performance results and recommend major changes affecting short-term project growth and success.
• Function as a cyber technical expert across multiple project assignments.

Skills on Resume: 

• Security Integration (Hard Skills)
• Technical Controls (Hard Skills)
• Security Research (Hard Skills)
• Engineering Collaboration (Soft Skills)
• Security Reporting (Hard Skills)
• Vendor Management (Soft Skills)
• Incident Response (Hard Skills)
• Vulnerability Management (Hard Skills)

Job Summary: 

• Guide security policy and participate in broader information security governance efforts.
• Develop and maintain the Information Security Management System (ISMS) in collaboration with regional information security SMEs and technical consultants.
• Oversee and manage the ISMS and recommend appropriate mitigating controls.
• Oversee information security risk management activities, including risk identification, assessment, and communication to stakeholders.
• Provide expertise and leadership to executive leadership, sharing metrics on security program performance, executive risk score reports, and guidance on information security topics.
• Facilitate a committee of information security SMEs to ensure regional compliance, concurrence on security matters, and the development of optimal regional solutions.
• Collaborate with systems integrators, vendors, and partner organizations to embed security best practices, standards, policies, and regulatory requirements into system design, implementation, and sustainment, and support future projects.
• Conduct regular security reviews of software and processes, and advise on information security practices.
• Review and create threat models and recommend security enhancements consistent with security strategy and evolving threats.
• Support external IT security audits and assessments.

Skills on Resume: 

• Policy Governance (Hard Skills)
• ISMS Management (Hard Skills)
• Risk Management (Hard Skills)
• Executive Reporting (Soft Skills)
• Committee Facilitation (Soft Skills)
• Vendor Collaboration (Soft Skills)
• Security Review (Hard Skills)
• Threat Modeling (Hard Skills)

Job Summary: 

• Develop, update, implement, and conduct information security training programs to support ISMS objectives.
• Manage approvals for Identity and Access Management (IAM) and access control administration.
• Act as Incident Commander for security incident response activities whenever the Information Security Incident Response Plan is invoked.
• Participate as a stakeholder and provide oversight if incident response plans are invoked by partners or vendors.
• Participate in incident investigation and response efforts, perform root-cause analysis, and prepare incident reports.
• Serve as a member of the Change Advisory Board to evaluate change requests for potential impacts to information security and provide input to the change management process.
• Coach, mentor, and develop future information security staff as the ISMS matures.
• Stay current on information security trends, best practices, threats, and countermeasures.
• Champion organizational core values and demonstrate values-based behaviors in daily interactions.
• Contribute to a culture of diversity, equity, and inclusion in alignment with organizational policies.

Skills on Resume: 

• Security Training (Hard Skills)
• Access Management (Hard Skills)
• Incident Command (Hard Skills)
• Incident Investigation (Hard Skills)
• Change Management (Hard Skills)
• Staff Development (Soft Skills)
• Trend Awareness (Hard Skills)
• Cultural Leadership (Soft Skills)

Job Summary: 

• Lead, coach, and develop a small team of subject matter experts in managing the ISMS and its key attributes.
• Develop and maintain the Information Security Policy Framework in line with risk appetite, legislation, and industry standards.
• Conduct enterprise-level information security risk assessments and participate in the end-to-end risk management process.
• Maintain a strong understanding of the existing and emerging threat landscape and industry trends.
• Work with stakeholders within Security & Resilience and across the organization to ensure security policies, standards, and controls are embedded.
• Promote a strong information security culture across the organization.
• Implement and maintain information security compliance, including SOC 2 and 3, GDPR, HIPAA, and ISO 27001 across SaaS products.
• Perform periodic risk assessments and audits.
• Maintain compliance-related documents and provide support to teams.
• Assist the team in addressing security and compliance-related queries from users.
• Work closely with the Engineering and People Ops teams to implement data security controls and perform ongoing refactoring of implemented controls.
• Lead compliance audits and resolve non-conformances.

Skills on Resume: 

• Team Leadership (Soft Skills)
• Policy Framework (Hard Skills)
• Risk Assessment (Hard Skills)
• Threat Awareness (Hard Skills)
• Stakeholder Engagement (Soft Skills)
• Security Culture (Soft Skills)
• Regulatory Compliance (Hard Skills)
• Audit Management (Hard Skills)

Job Summary: 

• Create, manage, and take ownership of the information security assurance framework, designing and performing reviews to ensure controls.
• Manage stakeholders to perform or coordinate ISMS control assurance reviews in line with ISO 27001.
• Maintain and manage supplier risk assessments, ensuring agreed actions are effectively resolved.
• Work with business teams and other risk functions to drive assessments of information security risk, identify opportunities to reduce risk, and facilitate remediation of identified vulnerabilities.
• Work directly with the Head of Information Security to develop a comprehensive security program.
• Monitor and report on compliance with security policies and enforce those policies within the IT environment.
• Act as a trusted cybersecurity advisor covering security assurance.
• Investigate, assess, and report on the development or spread of potential cybersecurity threats and vulnerabilities impacting organizational and client information security.
• Perform security evaluations of infrastructure changes as the security stakeholder in the ITIL change management process.
• Participate in the resolution of security incidents as part of the incident and problem management teams.
• Provide risk assessments, security advice, and guidance to assigned customers, competency teams, and service delivery managers.
• Identify opportunities for business development within the existing client base through the creation of new services or the expansion of delivered services.

Skills on Resume: 

• Assurance Framework (Hard Skills)
• Control Reviews (Hard Skills)
• Supplier Risk (Hard Skills)
• Risk Reduction (Hard Skills)
• Policy Compliance (Hard Skills)
• Cybersecurity Advisory (Soft Skills)
• Threat Assessment (Hard Skills)
• Business Development (Soft Skills)

Job Summary: 

• Operate as a trusted advisor to support business strategy, manage risk, and align security controls and capabilities by engaging in the development, design, and execution of global and line-of-business control programs.
• Understand and interpret country-specific regulatory requirements and corporate policies, communicate these clearly with current statuses, and provide oversight of compliance.
• Manage and monitor the technology and cyber risk posture for the business, providing management with transparency over risks and how they can be addressed.
• Partner with technology teams, lines of business, and cybersecurity teams to ensure JPMC’s security architecture, policies, standards, risk assessments, monitoring, and regulatory requirements are followed.
• Participate actively and interface with Business Controls Management teams, audit, and external regulators.
• Conduct independent risk assessments of information security and information technology programs and provide effective challenge to the design and execution of technical and procedural controls.
• Provide periodic updates, reports, and recommendations on information security and information technology controls, risk assessments, and risk remediation strategies.
• Evaluate and supervise information security and information technology controls actively.
• Contribute to the annual risk assessment and coordinate risk-based investigations of controls.
• Conduct industry benchmarking, regulatory requirement gathering, and peer-based analysis of available controls, risk assessment methodologies, and risk mitigation practices to identify coverage gaps.
• Support the development of information security and information technology metrics, including KRIs and KPIs, to continuously monitor and guide program-level risks.

Skills on Resume: 

• Trusted Advisory (Soft Skills)
• Regulatory Oversight (Hard Skills)
• Risk Monitoring (Hard Skills)
• Security Architecture (Hard Skills)
• Audit Interface (Soft Skills)
• Independent Assessment (Hard Skills)
• Risk Reporting (Hard Skills)
• Control Evaluation (Hard Skills)

Job Summary: 

• Develop, implement, and monitor strategic and tactical plans, enterprise information security programs, and risk management initiatives.
• Ensure the confidentiality, integrity, and availability of information owned, controlled, or processed by the organization.
• Develop, maintain, and publish up-to-date security policies, standards, and guidelines.
• Oversee training and dissemination of security practices within the information security framework.
• Lead the daily operations of the Information Security team, including training, staff development, and oversight of third-party usage.
• Mentor and coach IT professionals to support skill development and career growth.
• Manage security, regulatory, and compliance requirements.
• Oversee periodic security assessments, vulnerability assessments, and business continuity tests in alignment with industry best practices.
• Develop metrics and reporting to measure and improve the effectiveness of the overall information security program.
• Drive continuous improvement to enhance service levels and reduce overall risk exposure for the organization.

Skills on Resume: 

• Strategic Planning (Hard Skills)
• Risk Management (Hard Skills)
• Policy Development (Hard Skills)
• Security Training (Hard Skills)
• Team Leadership (Soft Skills)
• Coaching Mentoring (Soft Skills)
• Regulatory Compliance (Hard Skills)
• Continuous Improvement (Soft Skills)

Job Summary: 

• Assess risk and perform ongoing gap analyses on security controls and strategies.
• Recommend changes to reduce risk while improving the protection of customer and organizational data.
• Manage security incidents and events to safeguard IT assets, serving as the primary control point during follow-up on significant incidents.
• Advise leadership on risk issues related to information security and recommend actions in support of broader risk management programs.
• Provide strategic risk guidance and advocacy for infrastructure investments and IT projects, including project prioritization and the evaluation of technical controls.
• Oversee IT Business Continuity and Disaster Recovery planning.
• Ensure systems can respond effectively to disasters, resume critical business functions within defined timeframes, and minimize data loss.
• Foster collaboration within IT frameworks and actively participate in “Communities of Excellence.”
• Partner with IT leadership to model and promote a standard of excellence across teams.
• Build relationships, provide work coordination, and act as an IT liaison with other departments, business units, and strategic partners.

Skills on Resume: 

• Risk Assessment (Hard Skills)
• Gap Analysis (Hard Skills)
• Incident Management (Hard Skills)
• Risk Advisory (Soft Skills)
• Strategic Guidance (Soft Skills)
• Business Continuity (Hard Skills)
• Disaster Recovery (Hard Skills)
• Collaboration Building (Soft Skills)