Our client is seeking a Regional Information Security Officer for a direct hire opportunity. This resource can work remotely, but must be okay with West Coast hours daily.
- Participate in the design and deployment of new software systems, services, components, features, etc.
- Perform information security audits for third-party suppliers and vendors, including support for RFPs and client audits
- Participate in implementation and management of company security platforms such as endpoint protection, encryption, SIEM, CASB, perimeter controls and more
- Develop appropriate plans to proactively mitigate potential security risks
- Work with internal teams to identify and reduce weaknesses on a continuous basis
- Help develop, maintain and enforce information security policies, standards, and procedures including incident investigations
- Participate in training/awareness programs throughout the company to ensure all staff and appropriate contracted staff are aware of policies, common risks, and how to identify and respond to potential security incidents
- Review and redesign existing workflows to create operational efficiencies
- Maintain up-to-date knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security-enhancing technologies
Requirements for this position include:
- 5+ years of experience managing enterprise-level security or 5+ years in a related role with increasing scope, responsibility, and complexity at a multinational company
- College degree (BA or BS) in Management Information Systems, Information Security, Information Technology, or related field
- CISA, CISM, CRISC, CCSP certifications are preferred
- Ability to cultivate relationships and act as a consultancy to varied stakeholders including cross-functional / peer relationships with diverse, global teams
- Experience in project management and in a corporate security environment for a global company in such areas as policy creation, training / awareness, physical security controls, etc.
- Technical audit experience such as PCI-DSS, NIST, OWASP, ISO27001, SOX, pen testing, etc. and ability to assess complex systems
- Awareness of global data protection / privacy laws and regulations and risk management methodologies
- Good understanding of security, administration, design, and implementation of operating systems and network security controls for both physical hardware and cloud-based SaaS / hosted solutions
- Strong interest in and understanding of infrastructure security concepts, cloud-based architecture, security controls and technologies, industry best practices, access controls, forensics and metrics
- Advanced understanding of Microsoft 365