Compliance and Regulation:
· Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).
· Conduct compliance assessments and audits to validate adherence to security standards and requirements.
· Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.
· Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.
· Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.
Risk Assessment and Mitigation:
· Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.
· Develop risk mitigation strategies and recommendations to enhance overall security posture.
· Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.
Training and Awareness:
· Conduct security awareness training sessions for employees to promote a security-conscious culture.
· Educate staff on security policies, best practices, and procedures to reduce human-related security risks.
Incident Response and Forensics:
· Participate in incident response activities and support investigations into security incidents.
· Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.
JOB SKILLS AND TRAITS
· Experience in Privacy Management and regulation. GDPR, CPRA, CCPA, etc.
· Experience with AWS and Azure Cloud.
· Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.
· Experience with hardening standards for servers, desktops, laptops, networking devices.
· Experience with Pen Tests and Vulnerability Scans.
· Understanding of malware, network threats, attack vectors, incident response.
· Information security issues in an open, highly distributed networked environment.
· Enterprise Intrusion Prevention Systems.
· The secure use and system administration of desktop and server operating systems.
· Internet protocols and data formats such as HTTP, TLS, SSL, HTML, and XML.
· Database technologies such as Elasticsearch, SQL, or Oracle.
· Identification and authentication technologies.
· Knowledge of cloud, container-based and virtualization architectures.
· Encryption techniques, algorithms, and approaches.
Desired
• Higher education or government agency information security experience
• Experience handling and protecting information at a variety of sensitivity levels
• Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST
• Information security certifications such as CISSP, CSFA, CEH, GWAPT, GPEN, etc., a plus
QUALIFICATIONS
· 5+ years of experience in cybersecurity or information security.
· Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.
· Proven experience in information security, compliance, or a related field.
· Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.
· Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, etc.).
· Understanding of risk assessment methodologies and risk management practices.
· Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.
· Excellent analytical and problem-solving skills with attention to detail.
· Effective communication and collaboration skills to work with cross-functional teams.
· Ability to stay abreast of industry trends and emerging security threats.