What is your mission?

We are looking for someone who will also assist in developing, deploying, and maintaining the organization's information security strategy. In the event of a security incident or breach, you will be part of the IT Security Incident Response Team, contributing to incident management and resolution.

You will provide the best service to our partner client by performing these tasks:

Information Security Management

• Conduct regular security assessments and vulnerability scans to identify potential risks and weaknesses in our information systems.
• Implement and maintain security controls to protect against unauthorized access, data breaches, and other security threats.
• Monitor security events and incidents, analyze security logs, and respond to security breaches promptly.
• Assist in the development and enforcement of security policies, procedures, and guidelines.
• Collaborate with IT teams to ensure secure configurations of systems, applications, and network devices.
• Stay up-to-date with the latest security technologies, trends, and best practices to continually improve our security posture.

Compliance and Regulation

• Ensure compliance with relevant industry standards, laws, regulations, and contractual obligations (e.g., GDPR, HIPAA, ISO 27001, PCI DSS).
• Conduct compliance assessments and audits to validate adherence to security standards and requirements.
• Prepare reports and documentation for internal and external stakeholders to demonstrate compliance.
• Collaborate with legal and regulatory affairs teams to interpret and implement applicable data protection and privacy laws.
• Provide guidance to internal teams on compliance-related matters and assist in remediation efforts when needed.

Risk Assessment and Mitigation

• Identify, assess, and prioritize information security risks based on the potential impact and likelihood of occurrence.
• Develop risk mitigation strategies and recommendations to enhance overall security posture.
• Work with business units to ensure that security measures align with business objectives and are properly integrated into their processes.

Training and Awareness

• Conduct security awareness training sessions for employees to promote a security-conscious culture.
• Educate staff on security policies, best practices, and procedures to reduce human-related security risks.

Incident Response and Forensics

• Participate in incident response activities and support investigations into security incidents.
• Assist in collecting evidence, conducting forensic analysis, and preparing incident reports.

 
Who are we looking for?

• At least 5 years experience in cybersecurity or information security.
• Bachelor’s degree in computer science, Information Technology, or a related field. Relevant certifications such as CISSP, CISA, or CISM are a plus.
• Proven experience in information security, compliance, or a related field.
• Strong knowledge of security frameworks, such as NIST, CIS, or ISO 27001.
• Familiarity with regulatory requirements and privacy laws (e.g., GDPR, HIPAA, CPPI, CPPA etc.)
• Understanding of risk assessment methodologies and risk management practices.
• Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc. 
• Excellent analytical and problem-solving skills with attention to detail.
• Effective communication and collaboration skills to work with cross-functional teams.
• Ability to stay abreast of industry trends and emerging security threats.
• Experience handling and protecting information at a variety of sensitivity levels.
• Understanding of laws and standards such as FISMA, GLBA, FERPA, PCI DSS, ISO, and NIST.
• Experience in Privacy Management and regulation. 
• Experience with AWS (Amazon Web Services) and Azure Cloud. 
• Experience with Firewalls, Load Balancers, WAFs, VPN concentrators.
• Experience with hardening standards for servers, desktops, laptops, networking devices.
• Experience with security tools and technologies, such as firewalls, IDS/IPS, SIEM, etc.
• Experience with Pen Tests and Vulnerability Scans. 
• Understanding of malware, network threats, attack vectors, incident response.
• With experience in information security issues in an open, highly distributed network environment.
• With experience in enterprise intrusion prevention systems.
• Knowledgeable in the secure use and system administration of desktop and server operating systems.
• With experience with internet protocols and data formats (HTTP, TLS, SSL, HTML, and XML) 
• With experience in database technologies such as Elasticsearch, SQL, or Oracle.  
• With experience in Identification and authentication technologies.
• Knowledge of cloud, container-based and virtualization architectures.
• With knowledge in Encryption techniques, algorithms, and approaches.
• With experience in SUMO – SIEM platform.
• Has the ability to execute excellent problem-solving solutions and must be analytical.
• Experience in securing containerized environments (Docker, Kubernetes).
• Knowledge of DevSecOps and automation tools.
• Experience with zero-trust architecture and identity management solutions.
• Higher education or government agency information security experience.
• Master’s degree in Cybersecurity or a related field is a plus.