Info Security Gov & Risk Specialist

• Defines, enhances, and implements information security configuration controls, while ensuring consistent and effective information security administration procedures and processes.

Key Responsibilities and Duties:

• Review industry configuration safeguards and monitor compliance for infrastructure assets: databases, workstations, network, middleware, servers, cloud services, and mobile
• Partners with multiple business stakeholders to drive work and monitor through completion
• Analyze internal information security controls and convert control criteria and their severity into functional compliance scanning results
• Create and support program governance documentation such as standard operating procedures, control assessments and training materials
• Monitor industry security updates, technologies and best practices to improve security management
• Generate metrics and reports in assigned functional business area to inform decisions on tactical issues that impact the business
• Perform QA/QC activities to drive configuration management program maturity
• Support remediation efforts through gap identification and action plan creation to operationalize scan results
• Participates in various tool testing and validation efforts for on-prem and cloud scanning

Required Qualifications:

• Bachelor s degree in IT or Cybersecurity
• Experience with developing, customizing, reviewing and updating a wide range of enterprise security configuration baselines, with input from subject matter experts
• Experience interpreting and applying CIS Benchmarks, DISA STIGs, SRGs, and has an awareness of the National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)
• 1 year of direct experience working with teams in an agile and horizontal environment
• Experience with remediation activities within Cybersecurity
• Ability to translate the low-level security baseline requirements into security baselines
• Ability to work independently to anticipate needs, support a changing landscape and willingness to act with minimal supervision

Preferred Qualifications:

• Knowledge and understanding of technology operations/processes, as well as experience with evaluating technology-related risks and controls
• Experience in working with the NIST 800 Special Publication series and providing guidance for risk management and security control implementation, including 800-53 and others.
• Experience with one or more of the following technologies: Networking (including CISCO or Palo Alto); Operating Systems (including Windows Server, RedHat, or Linux); Cloud Services (including GCP, AWS, and Azure)
• Ability to apply a technical skill set to research and document industry knowledge and best practices with established or newly released applicable security controls
• Written and verbal communication skills: articulate and effective communicator and presenter, able to describe complex problems in both technical and business terms
• Demonstrated experience learning new technologies
• Experience with an Agile methodology
• Knowledge of ServiceNow and Archer