Full Time
United States - Missouri - Maryland Heights
Posted 04/20/2021
Areas of interest: Cybersecurity, Information Technology
Requisition Number: 279643BRISE341
JOB SUMMARY
Leverage industry and technical expertise to assist leadership teams to more effectively address enterprise security risk remediation. Lead discussions with leadership around remediation of security risks and control gaps. Establish a project around remediation plans to eliminate risk and control gaps. Responsible for identifying opportunities for organization to remediate security gaps and improve business performance. In addition, this role will apply the concepts of Enterprise Risk Management to help organization identify, assess, and mitigate emerging risks.
MAJOR DUTIES AND RESPONSIBILITIES
Actively and consistently supports all efforts to simplify and enhance the customer experience.
Identify and address business needs while delivering prioritized security risks from Risk Registry to leadership groups within departments and functions of the organization.
Conduct client discussions and meetings to communicate a broad range of services.
Prepare and manage engagements to include preparing concise, accurate documents and balancing project economics management with the occurrence of unanticipated issues.
Plan, manage, and monitor security remediation projects from risk stage through implementation.
Act as escalation point of contact for Security Remediation and oversee key stakeholder requirements and project objectives for the entire team.
Manage and advise on project management processes and methodologies for remediation team to ensure assigned projects are delivered on time, within budget and meet high quality standards in remediation measures and leadership expectations using the appropriate tools.
Identify opportunities proactively to remediate security gaps to improve business or department performance.
Define security controls and processes and propose recommendations to remediate security risk and control gaps/solutions.
Develop meaningful metrics to reflect true posture of the environment to present to organization, allowing for educated decision making based on risk.
Research methods to improve security remediation program and security infrastructure processes to be more effective and efficient to include implementing current security practices in industry.
Liaise with business groups to provide awareness for IT security services, understand key security principles to apply, and gain an understanding of their programs to provide security-related assistance where needed, requiring strong business knowledge and security domain expertise.
Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, and vendors.
Identify, assess, and mitigate emerging risks using concepts and methodologies under Enterprise Risk Management methods used by organization.
Maintain deep subject matter expertise of current threats, vulnerabilities, attacks and countermeasures in order to respond effectively to findings.
Provide regular coaching and mentoring and training to team members on findings and plans for remediation.
Serve as escalation point in absence of leadership for team members and external departments’ inquiries.
Monitor workflow of team’s engagements, audit schedule, and testing timeframes and provide recommendations to prioritize team deliverables.
Update and review department documentation, procedures and program effectiveness as needed.
Perform other duties as assigned.
REQUIRED QUALIFICATIONS
Skills/Abilities and Knowledge
Ability to read, write, speak and understand English
Advanced knowledge of performing IT Risk & Security assessments across a broad range of technologies, leveraging thorough technical and operational knowledge of Information Security best practices and industry standards
Advanced knowledge of project management methodologies and practices
Advanced knowledge of various operating systems (Windows, UNIX, Linux, AIX, etc.) with an emphasis on vulnerability assessment and hardening.
Advanced knowledge and experience required in the areas of security assessment and vulnerability scanning, risk-based threat analysis, and security mitigation techniques
Advanced knowledge of at least one scripting language
Advanced knowledge of Common Vulnerability Scoring System (CVSS)
Advanced knowledge of technical aspects of the following areas: IT Audits, IT Risk Management, Information Security and/or Technical Privacy.
Intermediate working knowledge of planning and executing remediation projects in one or more of the following areas: Information Security, Risk Management, Technical Privacy/Compliance, IT Security Audit, and/or IT Risk Management.
Intermediate knowledge of Internal and External Audit practices and/or knowledge of Information Security practices in a professional services firm or large enterprise.
Intermediate knowledge of utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
Intermediate understanding of Information Security strategy, organization, policy and Governance fundamentals.
Intermediate Experience with Vulnerability Scanner a plus
Ability to implement change management practices and facilitate process change in external departments
Ability to present technical concepts to non-technical audiences
Ability to be adaptable and flexible while working in a dynamic environment
Foster and maintain relationships with key stakeholders, departmental leadership, and business partners
Excellent oral and written communications skills
Education
Bachelor’s degree in BA or BS Management Information Systems, Computer Science, Accounting, and/or business related discipline, or equivalent work experience.
One of the following or equivalent certifications required or in the process of obtaining:
Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA) certifications
Certified Ethical Hacker (CEH) or other security, risk, or audit professional related certifications
Related Work Experience
6 plus years IT Security and/or Corporate Risk Work experience
3 plus years IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy.
PREFERRED QUALIFICATIONS
Related Work Experience
Experience working within a data center
Experience communicating with business professionals to articulate problems that may arise
WORKING CONDITIONS
Office environment
The health and safety of our employees and candidates is very important to us. Spectrum has adopted virtual mobile recruiting tools that allow us to continue meeting new candidates. We look forward to “virtually” meeting you.
The Spectrum brands (including Spectrum Networks, Spectrum Enterprise and Spectrum Reach) are powered and innovated by Charter Communications. Charter Communications reaffirms its commitment to providing equal opportunities for employment and advancement to qualified employees and applicants. Individuals will be considered for positions for which they meet the minimum qualifications and are able to perform without regard to race, color, gender, age, religion, disability, national origin, veteran status, sexual orientation, gender identity, or any other basis protected by federal, state or local laws.