Skills
One submittal per supplier, please. The EM actually needs three contingent workers. We will open a second request once the initial offer goes out so that the EM can continue to source off this request. This will replace Beeline 38085 and 38992. Local is preferred. Those not local will be considered if they are willing to relocate at their own expense. This must be noted in the comments and on their resume. Please be sure to list the city and state that the candidate currently resides in.
Job Description
2 positions and remote to start opportunity.
The Cyber Security Risk Assessment Specialist works closely with IT teams in assessing cybersecurity risks and the effectiveness of the controls throughout the software development lifecycle. The Specialist is responsible for the evaluation of new projects and conducting routine security assessments that adhere to the company's security guidelines.
Responsibilities:
Execute cybersecurity risk assessment and control attestation processes in ServiceNow GRC
Assess inherent cybersecurity risks in systems, infrastructure and cloud based on the business criticality and cyber threat landscape
Review control effectiveness evidence to assess the quality and effectiveness of the implemented controls
Provide security architecture advice and recommendations for programs and projects
Conduct assessments to identify security risks in applications, systems, and networks before they are implemented
Work with development teams to provide appropriate and effective remediation guidance for vulnerabilities discovered during various assessments
Document residual risk
Prepare and communicate operational metrics and trend analysis for the Cybersecurity Leadership Team
Work with IT and business stakeholders to provide security guidance and promote a positive security mindset
Qualifications:
Minimum of 5 years of information technology industry experience and at least 3 years in cybersecurity
Minimum of 2 years of experience building/implementing security architecture and design
Bachelor's degree or equivalent experience
Solid understanding of multi-tiered and cloud architecture (e.g., AWS, Azure, Google Cloud)
Solid understanding of application security and system design
Solid understanding of the Software Development Lifecycle (SDLC) and Agile Technologies
Familiarity with common vulnerabilities and attack vectors
Strong written and oral communication skills
Information security certifications (GIAC, ISC2, ISACA), CISSP, CRISC, CISM, AWS certifications a plus
Must Haves:
- Minimum 3 years in cyber risk management, cyber internal audit, NIST 800-53, or application security architecture
- Excellent communication skills