This is an 18-month contract, work from home.
The Sr. Information Security Advisor is aligned with a business unit and conducts and manages the Information Security Risk Assessment and review process, reviews security contracts, conducts supplier risk assessments, advises on secure software development practices, and reviews emerging security strategies. There is interaction with all Digital, Application Services, Enterprise Infrastructure, Architecture, Security Architecture, Legal, Compliance and Risk, Privacy, and external service providers and vendors.
The Sr. Information Security Advisor applies privacy and security laws and regulations and assists business units with compliance matters as they relate to Information Security. The key role in this process is to gather technical information for analysis and to make recommendations for action.
· Ensuring alignment with Information Security policies and directives with a specific focus on implementation of controls in applications and infrastructure services. Participates in Enterprise Technology Review Board, Architecture Leadership Council or similar processes for the Business Groups to ensure proper technical security controls on systems, applications and processes.
· Suggesting ways to implement security requirements to protect Company information from intentional or accidental disclosure, modification, or destruction and improve overall Security. Performs research on issues as needed to ensure suggestions meet necessary business and regulatory requirements
· Consults broadly with the Business Groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives
· Supports a balanced approach for security controls and support of governance practices and approaches. Constantly promotes and advocates that adequate levels of control mechanisms are in place.
· Provides the management team with an in-depth analysis of information security trends, the status of identified risks, penetration testing and vulnerability scan results, security incidents, current work activities, and work completed by the department. Provides preliminary recommendations to the management team on information security related risks.
· Participates in the security review and assessment program in support of the Information Security strategy. Plans and schedules specific security assessments of systems, vulnerability identification and assessment considering executive priorities, business needs and IT resources.
· Tracks information security related risks and corresponding action plans with due dates to ensure that the issues are resolved. Works with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks.
Minimum 7 years IT/Information, preferably with experience in areas of IT Security and/or Application and Technology management and support.
· In depth knowledge of IT Security principles, protocols, practices and industry standards
· Experience performing risk assessments of cloud-based technologies such as Amazon Web Services (AWS)
· Strong understanding of existing and emerging IT Security technologies
· Strong abilities in all areas of communication, able to interface and negotiate with senior staff
· Advanced skills in report writing, project management
· Familiarity with contract wording and interpretation of security clauses
· Good technology generalist, with a good understanding of all aspects of technology
· Must be able to work with the business from a business perspective and interpret technical context into common business language