Hansell Tierney is one of the premier staffing and recruiting companies in the Pacific Northwest. Launched in 2001, we are a woman-owned business that serves and staffs Northwest organizations by doing things the right way, not just the easiest way. Hansell Tierney partners with candidates and clients to match the best candidates with interesting local opportunities. We navigate every relationship with the highest level of discretion and service while holding ourselves accountable to our promises. Our business thrives on our deep understanding of the job market and our ability to skillfully tailor our recruitment process to meet our clients’ unique needs. Hansell Tierney is helping our client, a lead PNW law firm, with their search for an IT Security Engineer to join their IT team. The position will lead the charge in developing, testing, documenting, and implementing information security controls and solutions firm wide.
- Responsible for developing, implementing, monitoring, and enforcing security policies and procedures for the Firm’s Information Technology.
- Define, build, and manage control test plans to test, validate, and audit controls. Test plans may include hands-on testing of infrastructure to validate control effectiveness.
- Recommend new and enhance existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of firm data.
- Perform network and systems audits, vulnerability scans, and implement system hardening standards.
- Design and build the security infrastructure for all IT-related projects.
- Manage and maintain configuration and patch management process.
- Research and analyze emerging security threats and recommend industry best practices for mitigating the Firm’s risk.
- Collaborate with local IT teams, consultants, Information Governance, and General Counsel in promoting and establishing an ideal security structure for all firm practices.
- Communicate complex concepts with senior management, IT personnel, auditors, and external stakeholders in a clear and concise manner.
- Key stake holder for change control process and procedures.
- Perform Vendor Risk Assessments.
- Provide security awareness orientation, training, and direction to all Firm employees.
- Perform other tasks under the direction of management.
- 5 + years' experience operating as a security resource in an enterprise environment
- Must hold a current Certified Information Systems Security Professional (CISSP) certificate
- Certifications in one or more of the following preferred: ISO 27001 Lead Auditor/Implementer, GIAC, GPEN, CISA, CRISC
- Cisco, Juniper, and Sonicwall networking security experience required
- Prince2, PMP, ITIL, MCSE certifications a plus
- Scripting skills in Python, Bash, Pearl, and/or Powershell a plus
- Hands on experience with security tools and solutions - PKI, AV, IPS/IDS, vulnerability and penetration testing, OS Hardening, VPN, Content Filtering, Proxies etc.
- Direct experience building enterprise security compliance policies
- Strong time management and organization skills required
- Strong project management skills required
- Must be a team player with excellent interpersonal and communication abilities
- Ability to communicate at a technical level with technical professionals and communicate complex technical concepts to non-technical Firm management