This position will be responsible for implementing security measures and monitoring the effectiveness of IT controls for security. This position participates in raising the level of security awareness among employees, works to assess branch facilities for security, works with external vulnerability assessments and auditor activities, and assists with security policies, activities, standards and mitigation of information security risks.
Essential Duties and Responsibilities
Using independent judgment and discretion, responsible for tracking enterprise compliance across several security frameworks including NIST and SCF.
Respond to client third-party assessment requests to facilitate business transactions and maintain strategic business relationships.
Observe third-party risk assessments and assist in internal assessments.
Collaborate on IT projects to make sure that security policy/risk issues are being handled.
Develop, define and execute metrics to track and ensure compliance with policies/standards.
Aid the development of security processes and procedures and manage security controls.
Engage in the development of security and privacy awareness training.
Perform information security assessments, compliance gap analyses, and risk assessments
Build information security programs
Develop written information technology and security policies and procedures
Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
Prepare reports and other deliverables that contain strategy, technical analysis, findings and recommendations
Supervisory Responsibility
This position has no supervisory responsibilities.
Travel Requirements
Less than 25%
Education
Minimum/Preferred Education Description
Minimum 4 Year / Bachelor's Degree in a related field
Minimum Certification: One or more of the following certifications: CISSP, CRISC, CISA, CCNP, CISM or other equivalents
Experience
Minimum Years of Experience Description
3 years of experience in Information & Network Security or IT Compliance.
2 years of experience in a computer field such as networking, software engineering, or data analytics
Knowledge, Skills, and Abilities
Ability to write solution workflow diagrams, system documentation, playbooks, etc.
Strong analytical skills
Excellent written and verbal communication skills, including presentation skills
Ability to work with others in both individual and team settings.
Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
Working knowledge of network, system, database, and application-level security.
Prior experience auditing and performing quality control actions of audits.
Experience with GRC tools for information gathering and reporting
Working Conditions and Physical Requirements
Able to sit/stand for a long period of time in an office environment
Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components
Regular and predictable attendance required.
Positive attitude, team player, good interpersonal communication skills and able to work across company departments.
Disclaimer
This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications and CaptionCall. It is essential that the applicant possess the requisite integrity to maintain the information in strictest confidence.
Equal Employment Opportunity:
CaptionCall and Sorenson Communications are an EOE, Disability/Age Employer.