Senior Automated Risk Controls Engineer / REMOTE

Senior Risk Automated Controls Engineer, Senior Automated Risk Controls Engineer
Full Time
$140,000 - $160,000

Job Description

***We are unable to sponsor for this permanent Remote role***

***Position is bonus eligible***

Prestigious Enterprise Company is currently seeking a Senior Automated Risk Controls Engineer. Candidate will be primarily focused on continuous development and implementation of Cyber Risk Assurance Automation initiative. This includes implementing interfaces between tools and solutions, designing technical control tests and success criteria, developing alerts and dashboards, and maintaining existing architecture and infrastructure. The person in this role will contribute to the execution of strategic information security architecture to enable effective business operations, manage enterprise risk, and address business or regulatory issues.

Responsibilities:

  • Partners with cybersecurity and technology subject matter experts to design control tests that assess the effectiveness of cybersecurity capabilities.
  • Implements technical interfaces between tools and solutions to automate designed control tests.
  • Produces timely and effective alerts, dashboards, and metrics to support the results of automated control testing.
  • Maintains and performs continuous improvement initiatives to existing automated control testing processes, architecture, and infrastructure.
  • Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
  • Provides guidance on effectively managing the risk of ineffective capabilities, and influences decision making by educating business stakeholders on the risk.
  • Works closely with other members of the Cyber Risk team to lead changes in the organization's defense posture.

Qualifications:

  • 8+ years of experience in Information Security or a related field.
  • A complete or working understanding of information security technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, SIEM, active adversary deception, and others.
  • Knowledge of laws, regulations, and standards, including NIST 800-53, PCI-DSS, HIPAA, and others, and experience in performing control assessments associated with these frameworks.
  • Relevant security certifications (CISSP, CISM, SSCP, GMON).
  • Proficiency with at least one interpreted programming language (Python, Ruby, etc).
  • Proven ability to effectively communicate findings and mitigation strategies to stakeholders and develop comprehensive and accurate reports and presentations for both technical and executive audiences.
  • Teamwork and ability to promote a working environment that increases collaboration, predictability, transparency and promotes a culture of experimentation, innovation, and taking risks.
  • Ability to clearly present complex/security subjects and findings to technical staff and management.
  • Exceptional technical writing skills including documentation development, process mapping, and visualization.
  • Effective and consistent collaboration through available mediums that enable remote team communication.
  • Ability to work effectively in a diverse team and promote team diversity.
Dice Id : napil006
Position Id : CJ-RiskControl
Originally Posted : 4 months ago
Have a Job? Post it