Engineer, Information Security GRC

• Preventing impactful cybersecurity and physical security incidents,
• maintaining a reputation with customers, regulators, and key stakeholders as running a best-in-class cybersecurity and physical security program, and
• avoiding negative impact to business agility and growth from cybersecurity and physical security policies and controls.

• Security Metrics – Uses automated and manual processes to produce regular reports communicating the status of the Information Security program
• Policies and Procedures – Maintains corporate Information Security policies and departmental procedures and maps them to relevant control standards
• Regulator, Audit, and Customer Inquiries – Organizes and updates departmental documentation and responds to inquiries in an organized and repeatable fashion
• Recertification – Operates periodic processes to ensure hire, transfer, and termination protocols are complied with and regular access reviews are conducted
• Security Awareness – Builds and maintains company awareness and education programs
• Risk Assessment – Builds and operates the company platform to document, measure, and report assessments, risks, controls, findings, and remediation activity

• University degree in Information Security, Engineering, MIS, CIS, or related discipline
• 3+ years of relevant work experience
• Experience in Cybersecurity Framework (such as NIST, COBIT)
• Experience with Systems Administration and/or IP Networking is a plus
• Experience with Regulatory Compliance
• Experience in an exchange, trading facility, or financial services a plus
• Experience in Customer communication and Vendor evaluation
• Experience with senior management and board metrics generation and communication
• Advanced certifications (for example, the CISSP)
• Advanced technical writing and/or communication education and experience

Black Knight