Western & Southern Financial Group - posted 17 days ago
Full-time • Mid Level
Cincinnati, OH
1,001-5,000 employees
Securities, Commodity Contracts, and Other Financial Investments and Related Activities

Overview

Provides support to business and IT teams, including security consulting for major corporate initiatives and information security projects. Performs risk assessments, security assessments and policy reviews of WSFG systems and third-party vendors to identify areas of noncompliance with established information security standards and regulations, and helps recommend mitigation strategies and countermeasures. Provides security guidance to other IT and project teams in the evaluation, design, or implementation of secure computing environments. Develops, reviews, and monitors information security policies and procedures and makes recommendations for improvement. Identifies and defines overall security requirements for the proper operation and design of business and IT applications to ensure the protection of WSFG systems and data. Contributes to the development of the organization's information security awareness program. Escalates when needed and updates the Director on a regular basis.

Responsibilities

What you will do:

  • Assists team in performing third-party vendor due diligence security reviews to ensure compliance with information security policy, security procedures, and regulatory requirements.
  • Identifies and reports deficiencies or risks to the appropriate stakeholders.
  • Follows up with business teams and third parties to escalate issues when necessary.
  • Participates in the effort to address identified IT audit findings and cybersecurity risks with corrective action plans.
  • Works with senior team members to support process/program improvements.
  • Conducts ongoing monitoring of the first-party security posture and performance.
  • Acts as a liaison with Internal Audit on IT audits.
  • Works with project teams to ensure PMLC/SDLC tollgates are being met for security and that the appropriate security artifacts are being maintained.
  • Helps in PMLC/SDLC planning and makes certain it assesses the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
  • Conducts in-depth research to understand industry best practices, emerging trends and the latest open source methods that will help address current security challenges and enable new ways of delivering value to the Enterprise.
  • Works with IT and the business serving as a technical security consultant on IT and business projects.
  • Provides input on complex business problems and helps deliver solutions that address risks to the corporate network and information assets.
  • Ensures the appropriate level of controls is applied based on industry standards, best practices, and cybersecurity regulations by developing repeatable processes to identify, evaluate, and measure IT security risk.
  • Helps manage the information security policy lifecycle, including policy creation, policy maintenance, policy exception, and policy change requests.
  • Works with them to help improve the overall security policy framework.
  • Works with the business and IT management to ensure that the security policy framework and internal controls are being appropriately followed.
  • Conducts risk assessments based on policy and control evaluations.
  • Contributes to the development, review, implementation, and maintenance of the organization's information security awareness program.
  • Assists in the effort to collaborate with HR and Corporate Communication teams to deliver security training and security awareness to associates and consultants.