Sr. Cyber Security Risk Expert (Hybrid)

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, or related field. If the degree is not in the applicable field, then 4 additional years of related experience is required.
• 13+ years of experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
• Strong knowledge of automation coding, to automate data extrapolation, organization and dissemination, to meet the needs of the organization.
• Ability to review, investigate and assign cybersecurity vulnerabilities, for a variety of applications, systems and hardware, including cloud computing.
• Proficiency in successfully evaluating and supporting documentation, validation and remediation processes required to ensure new and existing information technology (IT) systems meet the organization's vulnerability remediation expectations and requirements.
• Demonstrated ability to review and understand security blueprints, principles, models, designs, standards, and guidelines to ensure enterprise cybersecurity remediation support is consistent and beneficial to the organization.
• Proven experience with vulnerability remediation and remediation processes and efforts, as well as remediation tools.
• Ability to serve as subject matter expert (SME) for the VRM process, including providing guidance to stakeholders, business units and new CISO resources, as necessary.
• Strong organizational skills and ability to build and maintain schedules and step-by-step action plans.
• Effective communication and collaboration skills to work with cross-functional teams, business units, stakeholders and IT professionals, and to conduct presentations to varying audiences and technical knowledge levels.
• Must be a US Citizen and able to obtain a Position of Public Trust Clearance.
• Be able to pass a drug screening, criminal history, and credit checks.
• Must have lived in the United States for the past 5 years.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)

Responsibilities

• Design, administer, and execute procedures for identification, assessment, documentation, and communication of risks that could compromise the data and operations stemming from weaknesses in technology platforms, solution architectures, governance processes, and security capabilities, against industry standards and best practices.
• Provide recommendations to improve and sustain the security of the enterprise's data and operations and document the organizational risk response plan (accept, mitigate, transfer, or avoid).
• Monitor, report on, and validate, the status and efficacy of risk mitigation, transfer, or avoidance plans.
• Demonstrate expert-level knowledge and proficiency with ServiceNow (SNOW) Vulnerability Response (VR) and generally associated modules, including but not limited to the following skills, abilities and knowledge: General: Deep understanding of SNOW platform’s core functionalities and components, including forms, MID servers, tables, dashboards and access control lists (ACLs) Scripting: Proficiency in rules and scripting (e.g., JavaScript), adequate to develop, test and deploy Integrations: Proficiency to develop and troubleshoot VR integrations, including knowledge of APIs and service graph connectors Dashboarding: Proficiency in designing and developing VR-focused dashboards and reports
• Design and administer procedures within the organization to sustain the security of the organization’s data and access to its technology and communication systems.
• Assess the risk of exposure of proprietary data through weaknesses in platforms, access procedures and forms of access, to the organization’s systems and data contained within.
• Review, collate, understand and present data, from various sources, to meet the remediation needs and expectations of the organization.