Information Security Engineer

Yondr Group•Dallas, TX

About The Position

Our business is growing and we need an experienced Information Security engineer to join our Global Technology Security team with a proven track record of building/operating in a modern Information Security practice in a global organisation. You will have developed, managed and implemented information security controls and processes. This will involve a range of activities including consultative engagements, project-work, pro-active security testing, vulnerability management, auditing, reporting and investigations. You’ll be responsible for conducting risk assessment, policy creation and awareness training while staying up to date with other industry best practices. You’ll be hands-on with a variety of security technology and interact with various internal teams to lead and deliver best-in-class solutions in an exciting fast-paced environment. Dynamic, smart people and inspiring, innovative technologies are the norms here.

Requirements

Experience with regulatory and compliance standards; ISO27001, SOC2, PCI DSS
5+ years experience working as an information security professional within a medium to large sized global organisation
Proven experience implementing, maintaining and leading an effective information security control assurance programme
Strong stakeholder management and communication skills, including technical members of staff and senior non-technical business leaders
Applied working knowledge of networking principles and the OSI model to evaluate control effectiveness and support investigation of network‑based security incidents
Background in working with international organizations that provide 24x7x365 operations
Must understand OT, Network and Zero-trust architecture
Understanding of email security tools, vulnerability management, penetration testing and remediation
Strong analytical, troubleshooting, and problem-solving skills
Information Security, alongside significant knowledge and experience of Cyber security
Working knowledge of Microsoft Sentinel, Qualys, Microsoft Defender, Knowbe4 are essential.
Excellent verbal and written communication skills
Ability to manage multiple priorities and work independently or within a team environment

Nice To Haves

Exposure to Microsoft Purview, MDR services, UBA and IT/OT network environment are desirable
Relevant certifications preferred, such as: CISSP, Security+, CISA, CEH, GSEC, Microsoft Certifications

Responsibilities

Drive the evolution of the company’s Information Security standards to maintain best practice and alignment with corporate policies and regulatory requirements
Be hands on in managing and maturing our security technology and processes
Investigate and respond to information and cybersecurity incidents
Provide consultation and/or education as needed and drive the adoption of security as a value add/best practice
Work in partnership with stakeholders, to ensure all projects, changes, IT standards and procedures are compliant with Information Security Standards and Policies
Manage (third party) penetration testing and facilitate any subsequent remediation activities
Act as a subject matter expert on matters of Information security relating to Yondr
Conduct 3rd party risk assessments to ensure suppliers are aligned with our security standards and fall within our risk tolerances
Manage phishing platform, training and related reporting
Provide guidance and subject matter expertise on processes, controls, and objectives around audit and information security activities, best practices, and process improvements
Conduct vulnerability assessments, risk analyses, and remediation tracking to drive the attack surface management program
Conduct Identity and Access Management entitlement reviews of key platforms and applications
Engage in audits, compliance assessments, and regulatory security requirements
Maintain documentation related to security processes, incidents, and compliance requirements