Security Policy Engineer
Posted on Nov 14, 2018 by Request Technology
- Serve as a subject matter expert for Information Security, consulting to technical management (serving on project teams, discussing application and systems architectures, etc.), non-technical management (educating the user community on information security) and attorneys (e.g., litigation-related technical education) as necessary.
- Manage and support GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
- Manage and support the 3rd Party Security Vendor Risk Management program and life cycle. Document and perform risk assessments as well.
- Vulnerability Management: collect information on emerging threats including software vulnerabilities. Coordinate triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
- Security Awareness: assist in coordination of the program, including development of awareness content, scheduling of awareness activities and measuring progress of the program.
Relevant Training and Certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Auditor (CISA)
- Certified Information Security Manager (CISM)
- GRC tool management: Administration, Engineering or both
- Ability to facilitate project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
- Demonstrated ability to create and maintain security policy, standard, guideline and procedure documents.
- Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG.
- Experience (Administration or Engineering) in GRC platforms
Core Security Technologies
- Strong knowledge and use of GRC platforms.
- Knowledge of host and network-based anti-malware technologies.
- Knowledge of security event management (SIEM), event correlation and analysis technologies.
- Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
- Knowledge of web filtering and email SPAM prevention techniques.
- Knowledge of vulnerability assessment and forensic investigations tools.
- Knowledge of mobile device security and Mobile Device Management solutions.