This Job Vacancy has Expired!

Security GRC Specialist

Request Technology - Robyn Honquest

Posted on Jun 7, 2022 by Request Technology - Robyn Honquest

Chicago, IL 60601
IT
Immediate Start
$110k - $120k Annual
Full-Time

NO SPONSORSHIP

Security GRC Specialist II

You will support both internal and 3rd party risk management, GRC, ISO 27001, NIST, SOC. Prefer a person who came up technical in security, intrusion detection, intrusion prevention, vulnerability assessment, forensic investigation, privileged access management. certification a big plus

The Security GRC Specialist II serves on the Governance, Risk Compliance (GRC) team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management.

Qualifications

  • Bachelor's degree or five (5) years of work experience in IT Security is required.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required
  • Prior IT Security experience in the legal industry experience is preferred.
  • Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred.
  • Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred.
  • Three or more years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
  • Client focus, including tact and diplomacy is required.
  • Interview, gather, and understand content from subject-matter experts
  • Maintain accurate records and manage client security and risk requests
  • Ability to perform as primary Security Subject Matter Expert (SME).
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
  • Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents.
  • Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
  • Communicates succinctly and effectively
  • Strong organization and problem-solving skills required
  • Strong project and time management skills required
  • Strong reading comprehension skills required
  • Strong analytical ability with excellent written and verbal communication skills required
  • Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required
  • Ability to work independently and as a group member is required
  • SharePoint administration is preferred for team Intranet site management

Technologies/Software

  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
  • Strong knowledge of risk management principles and practices.
  • Strong knowledge of security administration and role-based security controls.
  • Strong knowledge and use of GRC platforms.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server Firewalling technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions.
  • Knowledge of Privileged Access Management technologies.

Certificates, Licensures, Registrations

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

Reference: 1621175415

Set up alerts to get notified of new vacancies.