About
Licenses/Certifications Required: From the list of certification vendors, 3 related Information Security professional certifications or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, EC-Council, etc.).
Required: ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).
Related Experience Required: 8 years of related Cyber Security or IT experience (Information Systems Audit or Assessor role, Information Security role, systems management, systems administration, information systems security, system certification, risk analysis) with a focus on DLP and/or FIM solutions and security controls.
Required:
• Possess an expert level of knowledge in the discipline of cybersecurity as well as a high level of competency in architecture, methodologies, and best practices for IAM, Data Protection, and Application and Infrastructure Security concepts, strategies, standards, functions, capabilities, and technologies.
• A solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.
• Significant high-level system/security engineering experience with broad knowledge across many technologies.
• Knowledge of systems security engineering (SSE) principles and practices.
• Knowledge of secure software deployment principles and practices.
• Knowledge of data classification tools and techniques.
• Knowledge of enterprise architecture (EA) reference models, frameworks, principles, and practices.
• Knowledge of the Open Systems Interconnect (OSI) reference model.
• Knowledge of configuration management tools and techniques.
• Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices.
• Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.
• Knowledge of applicable laws and regulations governing information security, privacy, and data protection.
• Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.
• Knowledge of security control frameworks and their implementation, including access controls, encryption, and incident response.
• Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.
• Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.
• Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.
• Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders.
• Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.
• Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.
• Keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.
• Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.
• Ability to analyze complex datasets and identify trends and patterns that could indicate cybersecurity risks or vulnerabilities.
• Adherence to ethical standards and professionalism, as SCAs often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.
• Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.
• Commitment to continuous learning and staying updated on the latest.
WORKING CONDITIONS
Normal working conditions with occasional weekend and overtime requirements, including on-call rotational support.
Language skills
- English