Engineer, Information Security GRC

About The Position

Requirements

• University degree in Information Security, Engineering, MIS, CIS, or related discipline
• 3+ years of relevant work experience
• Experience in Cybersecurity Framework (such as NIST, COBIT)
• Experience with Regulatory Compliance
• Excel, Workflow automation tools, Data collection, normalization, indexing, correlation, and visualization. Scripting, regular expressions, string-parsing, light SDLC, and project management. NIST Cyber Security Framework, CIS, and GRC Platforms.

Nice To Haves

• Experience with Systems Administration and/or IP Networking is a plus
• Experience in an exchange, trading facility, or financial services a plus
• Experience in Customer communication and Vendor evaluation
• Experience with senior management and board metrics generation and communication
• Advanced certifications (for example, the CISSP)
• Advanced technical writing and/or communication education and experience

Responsibilities

• Security Metrics – Uses automated and manual processes to produce regular reports communicating the status of the Information Security program
• Policies and Procedures – Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
• Regulator, Audit, and Customer Inquiries – Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashion
• Recertification – Operates periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
• Security Awareness – Builds and maintains company awareness and education programs
• Risk Assessment – Builds and operates the company platform to document, measure, and report assessments, risks, controls, findings, and remediation activity