Information Technology Security Specialist

Education and Qualifications

Bachelor's in computer science, Computer Engineering, Information Systems or related field or equivalent work experience

Up to 2 years of experience managing Information Security audits (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA)

Experience implementing security techniques, practices, and controls that can be applied to address risks

Experience operating as part of an Information security program in alignment with common information technology management frameworks such as ISO 27001, NIST, CIS, ITIL, COBIT, etc.

Strong written and verbal communication skills

Strong program management skills

Experience working closely with auditors and/or external regulators

Experience managing security tools

Key Responsibilities/Duties:

Maintain proactive ongoing compliance by utilizing GRC compliance tool to perform periodic security tasks and checks.

Liaison with Engineering/IT by coordinating requests for information and coordinating responses to any observations.

Monitor and analyze security systems to identify irregularities that can lead to potential threats.

Responsible for Incident Management, be readily available for: Incident documentation, ensure risk analysis and severity, manage containment, lead investigation, ensure proper notification protocol, conduct & document lessons learnt, Report on findings and to then communicate them to the client.

Conduct Vulnerability Management Program

Perform daily security health check procedures.

Support and monitor remediation efforts of audit findings and validate the closure by reviewing relevant evidence.

Provide actionable, technical advice to engineers to enhance security control design & effectiveness (including for cloud environments)