IT Security Engineer III

Job Description

Position Summary:

As a member of the Corporate Infrastructure and Security - Risk & Assessments team, the Security Engineer is responsible for:

• Providing key input and assistance in the development and implementation of a global cybersecurity risk management program
• Maintaining and executing the risk management policy throughout the entire risk lifecycle
• Executing various risk analysis processes within the team including intake and analysis of reported risks, risk management, and ensuring teams are properly managing plans to reduce or eliminate risk
• Ensure consistency of security practice and standards across the organization
• Conduct Information Security assessments including and documenting controls, identifying potential gaps and or inconsistencies and making sound recommendations for improvement and/or migration
• Collaborate on the technical definitions and oversee implementation of security controls and requirements for systems, infrastructure and solutions
• Provide consultative advice ensuring security design for systems aligns with business needs and the company's security posture
• Cultivate and maintain strong working relationships with IT teams, Legal, Privacy, and Internal Audit.

• Intake and analysis of identified cyber security issues and risks from a variety of sources including security assessments, compliance checks, automated vulnerability systems, and other internally or externally reported risks.
• Complete analyses and reports to develop a comprehensive view of risk across the company.
• Assist and track for accurate risk measurement and response activities, provide necessary information and analysis to help business leaders prioritize risks
• Review and track action plans developed by risk owners and ensure plans are completed appropriately
• Perform ad-hoc risk analysis as assigned
• Review and advise on internal security capabilities in the context of negotiations with customers or auditors.
• Perform other duties as assigned.

• 5+ years' experience in risk analysis, information risk management, , data privacy, information technology, or equivalent with exposure to cybersecurity and/or information security risk.
• Bachelor's Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, IT, Law or Data Privacy or equivalent work experience.
• Experience with risk analysis.

• Ability to explain complex risk management topics to a broad audience
• Understanding of relevant industry frameworks such as ISO 27001 series, NIST 800-53, FISMA and others
• General understanding of cybersecurity technologies and controls with the ability to bridge the gap between governance and technical concepts
• Excellent writing skills, with experience as a writer or technical editor is considered a plus
• Demonstrated ability to complete work with minimal direction and self-identify tasks
• Excellent written and oral communication skills with experience presenting to senior leadership
• Strong interpersonal, organizational, and excellent documentation skills
• Excellent customer service skills
• Relevant certifications such as CRISC, CISSP or CISA are considered a plus
• Experience of various risk management frameworks such as the NIST Risk Management Framework or Center for Internet Security Risk Assessment Methodology will be considered plus.

• Customer service mindset
• Strong attention to detail, organizational skills, time management
• Excellent verbal and written communication skills
• The ability to interact professionally with a diverse group: executives, managers, and subject matter experts.
• Ability to take direction and independently work through projects as required