Governance Risk & Compliance Analyst at Overhead Door Corporation

Posted in General Business 10 days ago.

Type: Full-Time
Location: Lewisville, Texas





Job Description:

REQUIREMENTS: Bachelor's or foreign equivalent degree in Information Systems, Computer Science, Computer Applications, or a related field, and 8 years of experience in the job offered or as a Security Specialist, Systems Engineer, and Security Engineer, or in a related/similar position. Experience therein to include 8 years of experience in security analysis and risk management. Experience therein to include 4 years of experience in IT Compliance Management using PCI DSS, CIS, and ISO27001. Experience therein to include 3 years of experience in Vulnerability Management using Nessus and Incident Response Management using EDR and SIEM. Experience therein to include 2 years of experience with Identity and Access Management using MS Active Directory and Azure AD.

In lieu of a Bachelor's degree, employer will accept 10 years of experience in security analysis and risk management. Experience therein to include 6 years of experience in IT Compliance Management using PCI DSS, CIS, and ISO27001. Experience therein to include 5 years of experience in Vulnerability Management using Nessus and Incident Response Management using EDR and SIEM. Experience therein to include 4 years of experience with Identity and Access Management using MS Active Directory and Azure AD.

REFER TO: Job code VENJ- I

RATE OF PAY: $140,650 per year.

Notice of Filing of Application for Alien Employment Certification

This Notice is being provided as a result of the filing of an application for permanent alien labor certification for the position shown below. Any person may provide documentary evidence bearing on the application to the Certifying Officer, U.S. Department of Labor, Employment and Training Administration, Office of Foreign Labor Certification, 200 Constitution Avenue, NW, Room N-5311, Washington, DC 20210, Telephone: (202) 513-7350, Fax: (202) 513-7395

EMPLOYER: Overhead Door Corporation

JOB TITLE: Governance, Risk, and Compliance-Analyst

LOCATION: Lewisville, TX

DUTIES: Assess and document company compliance and risk posture as it relates to information assets. Provide highly skilled technical and information security (IS) expertise for the development and implementation of the IS risk management program. Ensure effective system-wide security analysis, intrusion detection, standards and testing, and risk assessment. Monitor the organization's networks for security breaches and remediate. Drive security awareness and education, and develop policies, standards, and guidelines. Guide the security and compliance team members in understanding the relevant security frameworks and their adaptability, help design the security systems and strategy, lead the creation and maintenance of policies, standards, baselines, guidelines, and procedures and conduct vulnerability audits and other technical assessments. Develop and participate in incident management and system investigation efforts within established protocols and legalities. Lead the development and implementation of the system-wide risk management function of the IS program to ensure IS risks are identified and monitored. Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the organization's information and technology systems. Lead the system-wide IS compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations. Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure IS and compliance with relevant legislation and legal interpretation. Execute strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, Third-Party Risk Assessments, PCI DSS, NIST 800-53/CSF, Secure Controls Framework (SCF), HIPAA, Data Privacy Laws and Regulations, and ISO27001. 
Assess computer hardware, software, and systems for security risks or violations and work with extended IT teams, business users, and technology vendors to recommend solutions. Develop and execute incident response plans including incorporating lessons learned into the enterprise security strategy and initiatives roadmap, identify the root cause, drive mitigation to prevent future occurrences, develop monitoring and visibility capabilities, and report on incidents, vulnerabilities, and trends. Monitor the organization's networks for security breaches, and investigate and mitigate using security tools such as Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM). Assist in mitigating future risks and closing gaps through analysis of recurring incident trends, and maintain incident metrics and assist in reporting to leadership. Provide advice, evaluation, and oversight for IS training and awareness programs, and conduct phishing, social engineering, and tabletop exercises to simulate threats. Enforce the company's security policies and mitigate security risks to preserve confidentiality, integrity, and availability of systems. Review systems and processes for compliance with IS standards. Perform security assessments using network scanning tools such as Nessus to identify, prioritize, document, and communicate findings to relevant stakeholders. Assist with the delivery of KRIs and KPIs by collecting and translating relevant threat, vulnerability, and risk data into insight.




