Sr. IT Security Specialist

"Risk Management", "Information Security", Senior, Leadership, "Fortune 500", Global, international, Vendor, Contract, Negotiations, eCommerce, "Industry 4.0", ISO 27001, ITIL, COBIT, NIST, GDPR, PCI, "Disaster Recovery", "Business Continuity", Policies, "Security Risks", Mobile, "Social Media", "Cloud Solutions", Metrics, CISSP, CISM, CISA
Contract W2, 12 Months
Depends on Experience
Travel not required

Job Description

Position: Sr. IT Security Specialist
Client: Fortune 100 Company
Location: St Louis, MO (Remote until further notice)
Initial Duration: 12 mo (12 mo extensions typical)
Terms: W-2 Hourly with benefits available; paid overtime

Key Skills

Risk Management/Info Sec/IT Senior Leadership Role

Risk Management/Info Sec/IT Roles

Fortune 500-level Experience

Representing Security in Various Core Team Meetings

Operating within Global Environment with Virtual Teams

Developing Info Sec Policies/Procedures

Vendor Contract Negotiations

Implementing Info Sec within eCommerce or Industry 4.0

Info Sec Frameworks (ISO 27001, ITIL, COBIT, NIST)

Knowledge of Relevant Legal/Reg Requirements: GDPR, PCI, etc.

Developing/Overseeing Disaster Recovery/Biz Continuity Policies

Digital Solutions Assessments to ID Security Risks:
(Web Sites, Mobile/Social Media Apps, Cloud Solutions, etc.)

Facilitating a Metrics and Reporting Framework

Info Sec Certification (CISSP/CISM/CISA, etc.) (plus)

Description

Under the supervision and guidance of her/his primary Community of Practice Lead and Product Group Manager, the Cyber and Digital Security Specialist is responsible for establishing and maintaining security products, platforms and solutions designed to mitigate IS/IT risks across the Corporation to ensure that information assets are adequately protected. S/He is responsible for the identification, evaluation and reporting of information security risks in a manner that meets compliance and regulatory requirements, aligning with and supporting the risk posture of the enterprise. The Senior Cyber and Digital Security Specialist must be a visionary leader with strong skills in business management and a working knowledge of information security technologies. S/He will proactively work with IS/IT and business units to implement practices that meet defined policies and standards for information security. Acting as a security business partner for the IS/IT Product Groups, s/he represents Security in various core team meetings. The Senior Cyber and Digital Security Specialist continuously researches and stays on top of emerging security threats, technologies and trends.

Key Outputs

  • Conducts systematic security assessments of Digital Solutions (Web Sites, Mobile and Social Media Applications, Cloud Solutions and associated infrastructure, etc.) to identify security risks
  • Ensures new products, platforms and solutions are implemented "Secure & Compliant by Design"
  • Develops, maintains and publishes up-to-date security policies, standards and guidelines, and oversees training and dissemination of security policies and practices
  • Works directly with IS/IT Product Managers, BRMs and IS/IT Customers to facilitate business IS/IT risk assessment and risk management processes, and works with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
  • Provides periodic reporting on the current status of the information security program to enterprise risk teams and senior business and IS/IT leaders, in collaboration with the Office of the CIO, as part of a strategic enterprise risk management program
  • Facilitates a metrics and reporting framework in collaboration with the Office of the CIO to measure the efficiency and effectiveness of the program, promoting appropriate resource allocation, and increase the maturity of the security
  • Defines and facilitates the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings
  • Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection
  • Provides strategic risk guidance for IS/IT projects and product management, including the evaluation and recommendation of technical controls
  • Liaises with the Enterprise Architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures
  • Ensures that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
  • Creates and manages a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
  • Liaises among the information security team and corporate compliance, audit, legal and HR management teams as required
  • Coordinates the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources in collaboration with the Office of the CIO
  • Develops and oversees effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinates the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event, and provides direction, support and in-house consulting in these areas

Knowledge

  • Knowledge and understanding of relevant legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI) or relevant local or global laws, standards and regulations
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is preferred
  • Knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences
  • Excellent analytical skills, able to manage multiple projects under strict timelines, work well in a demanding dynamic environment and meet overall objectives
  • Project management skills; financial/budget management, scheduling and resource management
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals
  • Ability to work well under minimal supervision
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations
  • Must be a critical thinker with strong problem-solving skills
  • High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
  • High degree of initiative, dependability and ability to work with little supervision
  • High degree of ethical standards and values

Experience

  • Degree in business administration or a technology-related field, or equivalent work- or education-related experience
  • 8+ years of experience in a combination of risk management, information security and IS/IT jobs, at least four of which must be in a senior leadership role
  • Employment history must demonstrate increasing levels of responsibility
  • Successful experience in implementing cyber security with Digital teams and products (eCommerce or Industry 4.0)
  • Proven track record and experience developing information security policies and procedures and successfully executing programs that meet objectives of excellence in a dynamic environment
  • Experience with contract and vendor negotiations
  • Experience in effective communication at different levels of the organization, and in English
  • Preference to have worked in a global environment and with virtual teams

Dice Id : fglobal
Position Id : 6601236
Originally Posted : 1 month ago