Roles and Responsibilities:
- Collaborate to define security and IT standards and support the execution of organizational policies.
- Perform security and compliance assessments on new and existing systems, processes, and technology.
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support internal and external audit processes for relevant compliance concerns, including state regulations, privacy laws, and security frameworks such as ISO 27001, SOC, NYDFS, NIST and more.
- Perform business impact analysis and assist with the development of the IT/InfoSec risk register.
- Participate in disaster recovery and business continuity planning.
- Stay up to date and informed on developing regulatory concerns and changing information security trends.
Requirements:
- Over 3 years of relevant security and GRC experience.
- Experience with identity and access management (IAM) concepts.
- Good understanding of organizational security risk concepts.
- Good knowledge of and experience with PCI DSS and ISO 27001 requirements, and with security frameworks such as NIST.
- Familiarity with cloud and SaaS technologies.
- Good understanding of fundamental information security concepts and technology.
- Good project management skills (a strong advantage).
- Experience with security tools and technologies (a strong advantage).