Conduct comprehensive risk assessments of technology systems, applications, and infrastructure to identify potential threats, vulnerabilities, and impacts on business operations.
Understand and apply security policies and standards to identify gaps and ensure compliance.
Review and sign off on application security measures during the software development lifecycle.
Ensure security requirements are integrated into the DevOps pipeline and security tests.
Consult with business, engineering, and architect teams to integrate security practices into their workflows.
Provide domain expertise in security incident investigations and response.
Ensure each information risk assessment completed is peer-reviewed & communicated to larger distribution to various partners.
Deliver training to key team members around the IRM processes.
Respond to audits, regulatory reviews, risk, and controls self-assessments.
Stay up to date on the latest security trends, threats, and technologies. Evaluate existing processes to redefine processes.
Requirements
Experience in cloud security, application security, and data protection.
Familiarity with DevOps pipelines and security testing methodologies.
5+ years of experience in a combination of relevant technical disciplines in the field of Information Security: network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, cybersecurity.
5+ years of IT/Information Risk management experience: vendor risk management, project risk management, IT audit or IT controls assessment.
Deep knowledge of cloud computing security and IaaS, PaaS, or SaaS environments.
Knowledge of security frameworks, regulatory requirements and standards.
Excellent business communication to lead presentation, facilitate discussion across all levels and audiences.
Influence behavior to reduce risks and foster a strong information security risk management culture.
Problem solving, analytical, and establish new way/processes to improve.
Collaborative with a coaching and development approach.
Strong time management and organizational skills to manage multiple tasks and changing priorities.
Tech Stack
Cloud
Cyber Security
Benefits
health, dental, mental health, vision, short
and long-term disability, life and AD&D insurance coverage
adoption/surrogacy and wellness benefits
employee/family assistance plans
various retirement savings plans (including pension and a global share ownership plan with employer matching contributions)
financial education and counseling resources
generous paid time off program including holidays, vacation, personal, and sick days