Description
This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
In this role, you have accountability for a specific deliverable in GCC and are responsible for working with Engineering stakeholders, partners, and other members of GCC to deliver exceptional quality that reduces risk and ensures ongoing compliance for our customers. You are expected to own the area of responsibility with minimal guidance from senior team members. You should innovate, challenge the status quo, embrace operational excellence best practices and use automation and emerging technologies to enhance delivery of your work product.
Responsibilities:
Assess security risk and ensure that controls are designed to appropriately mitigate security risk.
Assess control effectiveness to ensure ongoing compliance.
Drive existing or newly identified initiatives between stakeholder organizations, creating synergies and reducing risk of non-compliance with internal or external requirements
Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services
Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders, and other organizations throughout the company who provide expertise in security requirements and solution management
Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency
Identify and create metrics and dashboards to quantify and measure the impact of security processes that you drive
Effectively communicate compliance positions and programs to applicable business stakeholders
Minimum Qualifications:
Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security-related areas and a minimum of 3-5 years of total work experience
Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS, etc.)
Experience in security-related analysis, creating metrics and dashboards, and summarizing large data sets
Ability to work with both business and technical areas and translate between the two areas
Skilled at building rapport and establishing partnerships
Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP (including FedRAMP 20x), DOD SRG IL4/IL5, PCI, etc.)
Operational process design, improvement, and implementation experience
Demonstrated desire to learn new skills and innovate
Agile, proactive, comfortable working with ambiguous specifications, and able to prioritize quickly and effectively
Drive improvements in existing processes and develop new innovative and efficient solutions
Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.
Required Qualifications:
Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders
Experience working with the Authorizing Officials and DISA Cloud Assessment Division
Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions
Preferred Qualifications:
Knowledge of, or experience working with, Cloud technologies/environments is a plus
CISSP, CISA, CISM, AWS or similar certifications a plus