Write security control implementation statements, specifically documenting Microsoft 365 implementation.
Perform security scans, review scan results, and provide application architecture consultation.
Protect the organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording and destruction.
Manage security initiatives for cloud-based environments, with a strong emphasis on Microsoft Azure, O365, and Intune.
Conduct and maintain vulnerability scanning on networks; systems and applications.
Produce actionable; risk-based reports on security assessment results.
Assist with vulnerability remediation when necessary.
Continuously improve risk models; metrics; reports; processes; and activities.
Provide information security solutions compliant with the Risk Management Framework (RMF).
Collaborate with the customer security organization to ensure RMF processes are followed, policy is translated to operational procedures, proper tools are leveraged and verification that security policy and procedures are enforced.

Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent experience).
At least 5 years of experience in information security, with a focus on cloud security.
Deep knowledge and hands-on experience with Microsoft Entra, Intune, Defender, Security Center, Sentinel, Azure, Office 365 (O365).
Familiarity with security frameworks and monitoring tools.
Experience managing vulnerability mitigation and information security process in an enterprise environment.
Proven ability to Lead customer-facing reporting and negotiation activities.
Ability to produce and disseminate reports for vulnerability assessments and compliance reporting.
Ability to learn complex computing environments quickly.
Broad understanding of all aspects of IT and enterprise systems interoperability.

Information Systems Security Officer

Key skills