Information Security Risk Management Specialist
Harris Computer
- Florida
- Permanent
- Full-time
- Perform risk and security assessments of applications, databases, and servers and supporting network technologies, such as routers, switches and access points, to identify, evaluate, and prioritize risks.
- Responsible for security controls, processes and architecture consultation, design and monitoring.
- Responsible for overall access control risk management including but not limited to auditing current access controls to identify potential risks, making recommendations for improvement in security and tracking remediation.
- Responsible for conducting risk assessments against various regulatory compliance requirements such as HIPAA, PCI, etc. and industry-recognized security frameworks.
- Develop and execute corrective action and remediation plans for identified issues, risks or vulnerabilities.
- Analyze and assess security incidents and escalate incidents by following the incident plan.
- Develop and maintain standard practices and procedures for appropriate response to identified threats.
- Monitor activities and events to detect, classify and act upon anomalous behavior appropriately in a timely manner.
- Assess potential risks and vulnerabilities to develop baselines and assist with response to deviations.
- Work with IT teams to solve information security system problems and issues in a timely and accurate manner.
- Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.
- Participate in annual security audits, incident response exercises, security reporting, audit and compliance support.
- Work with the information security team to provide security incident escalation support and remediate security issues.
- Perform reviews and assessments of security controls before hardware/software is migrated to production.
- Work with business units to ensure vendors are reviewed through the vendor risk management process and are in compliance with applicable regulations and standards.
- Develop and maintain risk registers and other risk management documentation.
- Monitor and report on the effectiveness of risk mitigation strategies and plans.
- Support the development and testing of disaster recovery and business continuity plans.
- Oversee the security awareness program, including phishing campaigns, periodic training and tracking compliance.
- Minimum of 5 years of experience in IT security risk management, a security operations center and/or system administration role.
- 3 years of experience assessing security controls and processes, vulnerabilities, regulatory and legal changes, and security standards that may impact the security of systems or data.
- Hands-on experience managing security and governance, risk and compliance tools.
- Ability to write security requirements and design documents.
- Experience in access control and identity management for on-premises and cloud environments.
- Bachelor’s degree in Computer Science, Information Systems, Network Security Engineering or related major or equivalent work experience.
- CISSP, CRISC, CISA or equivalent certifications would be considered an asset.