Information Security Specialist

Role: Information Security – Lead/Sr. Lead/ Associate Manager

Department: Information Security

Experience: 7-9 Years

Roles & Responsibilities:

• as the primary point of contact for client security-related issues, escalating and resolving technical client escalation issues.
• as the Client Assurance Subject Matter Expert (CA SME) in collaboration with the Service Management (SM) team.
• in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.
• with client management aspects, including questionnaires, timely response to client queries, and concerns.
• technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.
• technical support during the entire audit process, including following up on audit findings for remediation.
• collect, document, and store evidence needed for client audits.
• SMEs from different business units through quarterly meetings.
  
• client security control requirements to the SM team through regular training sessions.
• engage SMEs to update the evidence library with new information.
• FAQs for all business units annually and update with the latest information.
• and maintain customer-facing Security overview presentations.
• new vulnerabilities from external sources, internal penetration tests, or client notifications.
• the impact of vulnerabilities and generate initial communications for clients.
• real-time vulnerability calls for urgent issues and follow up on remediation progress.
• and respond to technical issues raised by the RFP team.
• SharePoint folders for easy access to information and evidence.
• Jira updates and maintain accuracy in the CA confluence space.
• and update the Client Assurance Standard Operating Procedure after consulting with the team.
• SME support for client audits in collaboration with the CA Service Management team.
• teams on security controls and processes monthly, storing sessions in an easily accessible location.
• the Service Management team on updates and new developments in the security space.
• training opportunities from SMEs for the team to learn different security controls.
• the annual review with Compliance of company-wide Security information presentations.
• client-facing teams in sales meetings and client communications requiring security specialist support.
• with urgency for fast turnaround in competitive situations.

  Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
• in SOC operations threat tracking.
• in incident management, change control meetings, and cloud migration initiatives.

Requirements:

• to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.
• degree in computer science, Engineering, Information Systems, Business, or other Information security disciplines OR 7+ years of relevant professional experience in Information Security or IT Risk Management.
• relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.
• of legal and regulatory compliance standards and requirements against data and IT, including, CIS, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.
• the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; Excellent interpersonal, verbal, and written communication, including good presentation skills.
• multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.
• drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn’t require continuous monitoring.
• to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• to understand technology, management, and leadership issues related to organization processes and problem-solving.
• of new and emerging information technology (IT) and cybersecurity technologies.
• of information security program management and project management principles and techniques.
• of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.