Title: Security Specialist
Job ID: AB17299099
Our client is undergoing a large-scale digital transformation involving the replacement of core technology and cybersecurity services are required to support the transition to new platforms, applications and services. Additionally, core Cybersecurity capabilities are needed to be enhanced irrespective of any digital transformation activities.
This person must have experience in a wide range of subject areas of Cybersecurity including: Security Risk Assessments and Risk Management, Security Engineering, Security Operations, and Security Governance.
What you will be doing:
- Conduct Cybersecurity Risk Assessments and subsequent risk management activities to manage risks arising from CRAs.
- Develop and manage security awareness training and phish test campaigns.
- Manage exceptions to cybersecurity policy and underlying cybersecurity standards.
- Participate in cybersecurity incident response activities, from initial response, containment/eradication, all the way to recovery and post-incident.
- Deploy leading cybersecurity technologies and solutions based on experience with such technologies and underlying foundational technologies (such as but not limited to Windows®, AD, cloud and SCCM).
- Applies cybersecurity best practices throughout the organization based on discoveries made through day-to-day activities.
- Analyze application security test results from the development and test teams and provide cybersecurity subject matter expertise on how to address results.
- Drive the remediation of Identity Access Management/IAM activities around privileged accounts, password policies, least privilege, and need-to-know.
- Drive Data Loss Prevention/DLP activities in assessing Crown Jewels and establishing security controls to monitor and protect these assets.
- Draft cybersecurity standards to facilitate the organization completing its suite of cybersecurity standards which support its overall cybersecurity policy.
- Develop strategies to integrate various threat intelligence sources into the internal cybersecurity ecosystem, and implement said strategies.
- Review agreements between the organization and third parties from a cybersecurity perspective to ensure that agreements satisfy requirements.
- Collaborate with the IT team to drive the cybersecurity program forward from delivery and operational perspectives.
Things you need to have:
- Ability to act independently with minimal supervision for the described activities above.
- Cybersecurity jack-of-all trades – broad knowledge of the various domains of cybersecurity and experience with those activities. Ability to pivot from one activity to another quickly, and manage activities based on risk/priority.
- Knowledge of the following technologies and processes, and best practices on how to deploy and utilize: Endpoint Detection and Response/EDR, SIEM, IDS/IPS, firewalls, vulnerability management, application security, web application firewalls, VPN, IAM
- Process re-design and optimization – revamping or creating a new process from scratch to support cybersecurity activities that will strengthen the overall security posture of organization
- Experience using leading cybersecurity frameworks and standards (such as but not limited to NIST, ISO 7002, CIS, PCI-DSS).
- In-depth knowledge and understanding of complex technology ecosystems (such as but not limited to applications, middleware, data, infrastructure, network and web.).
- Understanding of foundational IT concepts that extend into cybersecurity (such as but not limited to asset management, identity management, patching and development/coding).
- Excellent written and oral communication and presentation skills to present complex and highly technical issues, IT strategies and solutions to non-technical audiences.
- Ability to develop and manage relationships. Deliver “bad news” in cybersecurity concerns to stakeholders, while maintaining a strong working relationship with the business.
- Adding value – provide recommendations and solutions to assist stakeholders in addressing cybersecurity risks.
- Ability to project manage a variety of initiatives from internal remediation initiatives within IT and cybersecurity to the delivery of technologies and solutions from vendors.
- Cybersecurity certifications/designations are a plus.
For more information about TEEMA and to consider other career opportunities, please visit our website at www.teemagroup.com