Are you interested in posting a position with us? Contact us at firstname.lastname@example.org to add a position here.
Job Posting-------------------------------------------------------------POSTED 08/17/2021
Principal Engineer - Cloud Security Technology Operations - Telecommute
Cloud Professionals - don't miss this opportunity to join U.S. Bank and WFH; apply at the link provided below!
Be part of something big, a place where you're challenged to be your best.
Where integrity matters and success inspires, where great people collaborate, innovate, and give back.
Where you feel included, valued, and proud.
Apply now at:
#cybersecurity #cloudsecurity #Cloud #usbank #usbanklife #careers #security #cloud #opportunity2021 #WFH
Job Posting-------------------------------------------------------------POSTED 07/26/2021
Greenberg Traurig, a global law firm, currently has excellent full-time employment opportunities for IT Risk and Compliance Analyst in our Doral, Phoenix, Austin, Salt Lake City, Miami, Dallas, Tallahassee and Atlanta offices. We offer competitive compensation and an excellent benefits package.
The IT Risk and Compliance Analyst will provide administrative and technical assistance in the ongoing design, development, and management of the firm’s Information Security Program. This position will primarily assist in developing, monitoring, and enforcing information security practices and controls to ensure information and computing assets are kept secure from unauthorized access and inappropriate alteration.
Duties & Responsibilities:
- Complete vendor risk assessments submitted to GT by clients and prospective clients.
- Respond to client Requests for Proposals (RFPs) and questionnaires related to security.
- Perform information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identify any discrepancies and escalate all issues to management.
- Develop, implement, assign, and monitor third party vendor assessments
- Execute and document assessment activities following established processes and procedures.
- Perform third party online reviews to assess their current information security posture and practices.
- Improve existing questionnaire response process
- Keep abreast of regulatory and compliance related information to enhance the third-party due diligence program.
- Collaborate with team members to create and update documents and presentations that can be used to inform internal employees, external auditors or internal auditors about the Firm’s Information Security third party program.
- Contribute to the continuous improvement, including automation where possible, of all aspects of the Information Security Program based on expert knowledge, industry best practices, business objectives and risk tolerance, keeping the program relevant and in alignment with the business objectives.
- Provide threat notification to third party vendors
- Track vendor mitigation progress of identified threats
- Assist in development, implementation, monitoring and support of access control, data confidentiality, system integrity, system reliability, system audit and recovery controls.
- Coordinate, execute, and provide support with Information Security & Business projects.
- Develop and update security policies, procedures, and best practices.
- Assist in the management & monitoring of the firm’s Information Security Program.
- Collaborate with other departments to resolve security related issues and incidents.
- Collaborate with other business units to ensure compliance to standards and policies.
- Perform penetration tests, application & vulnerability assessment scans.
- Actively participate in outside Information Security communities.
- Conduct security research and maintain knowledge of current security events in order to keep abreast of latest issues.
- Assist in the development, management & maintenance of the Information Security Awareness Program.
- Identify Information Security & Business Continuity risks to senior management & make recommendations for corrective actions/mitigation of risks.
- Perform other related duties as required / assigned.
Skills & Competencies:
- Understanding of information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices.
- Proficient knowledge of third-party related regulatory policies.
- Experience working with compliance issues dealing with sensitive data preferred.
- Working knowledge of operating systems, web applications, penetration testing, anti-spam solutions, web content filtering solutions, threat analysis, risk, and vulnerabilities.
- Ability to use the following security systems: vulnerability scanners, data loss prevention (DLP), and log management tools.
- Working knowledge of core security concepts such as encryption, DLP, patch management, configuration management, vendor risk management, and vulnerability assessments.
- Ability to investigate security incidents using all available tools, logs, and coordination with various IT groups.
- Demonstrate strong customer service skills to ensure a smooth data collection experience for both our customers and our internal business unit partners
- Excellent written & verbal communication skills.
- Must be available in an on-call status 365/24/7.
- Must be able to work independently without direct supervision at times.
- Must be able to take own initiative.
Qualifications & Prior Experience:
- Bachelor’s degree in information security related field required; or 3+ years of work experience in relevant information security position in lieu of degree.
- 1-3 years of experience in implementing and/or supporting IT risk management processes.
- 1-3 years of experience in responding to vendor risk assessments submitted
- 1-2 years of experience with DLP and SIEM systems
- Knowledge of risk assessment/management tools
- Multi-year experience in Information Security
- IT security related certificates (e.g. Security+, CRISC, CISA, CRCP, SSCP/CISSP) preferred
Job Posting-------------------------------------------------------------POSTED 06/21/2021
IT Security Architect
As a senior member of Information Security team this enterprise-wide role is integral in defining and assessing the organization's security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services, evaluate and incorporate emerging technologies and evaluate changes to the threat landscapes. Interacts with senior leaders across the enterprise and acts as a trusted senior advisor.
- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
- Participate in application and infrastructure projects to provide security-planning advice
- Assist in the development of security technology standards and patterns that will be utilized within the environment
- Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection
- Review network segmentation to ensure least privilege for network access
- Liaise with the Third Party Risk Management (TPRM) team to conduct security assessments of existing and prospective vendors
- Liaise with the IT Security GRC team to review and evaluate the design and operational effectiveness of security-related controls
- Support the testing and validation of internal security controls
- Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
- A minimum of 7-10 years of experience in a related field or equivalent experience in the
- Strong oral and presentation skills
- In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001
- Strong knowledge of laws and regulations including but not limited to PCI DSS, HIPAA-HITECH
- Experience in using architecture methodologies such as SABSA, Zachman, or TOGAF
- Direct, hands-on experience or strong working knowledge of managing security infrastructure (e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology)
- Strong working knowledge of vulnerability management practices and tools
- Direct experience designing IAM technologies and services such as AD, LDAP, and/or AWS IAM
- Strong working knowledge of IT service management - ITIL related services
- Change management, Configuration management, Asset management, Incident management, Problem management, etc.
- Experience designing and securing applications and infrastructures in cloud environments such as AWS and/or Azure
- Bachelor's degree in Computer Science or related field or equivalent experience required
- Multiple certifications preferred
Founder - Executive Recruiter
Job Posting-------------------------------------------------------------POSTED 05/12/2021
Royal Caribbean Group is in search of a Lead, IS Risk Assessments within the GIS department to supervise the evaluation and management of risk involving systems and applications.
The goal of the IS Risk Assessment program is to create and manage an automated, auditable, repeatable, and demonstrable program to manage information security risk to Royal Caribbean Group information assets.
This position assesses the risk of the group's applications and systems using structured interview processes, questionnaires, and review of security, compliance, and data protection documentation.
Essential Duties and Responsibilities:
- Supervise the IS risk assessment program intake, assessment, remediation, and risk treatment processes
- Create and introduce advanced processes and methodologies of IS risk assessments
- Improve IS risk management processes based on changing requirements.
- Lead discussions on the history and future perspective of IS risk assessment programs
- Lead the establishment of organizational IS risk management policies.
- Analyze application and system controls, documentation, and settings to identify information security risks to RCG
- Predict security issues and their potential impact on customer operations.
- Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored
- Create enterprise-wide systems and practices for securing information
- Collaborate with RCG business sponsors, technology departments, and third parties (where applicable) to communicate requirements, initiate, conduct, and complete risk assessments in a timely manner
- Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, technology departments, Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit, etc
- Manage and assist in developing and onboarding IS risk assessment tools, templates, and associated processes to provide transparent reporting on activities and portfolio management.
- Participate in established project management office (PMO) protocols to integrate IS risk assessment requirements (initiation, planning, analysis, design, build, test, deploy, closeout, etc.)
- Performance of other duties and responsibilities as assigned
Qualifications, Knowledge, and Skills:
- Bachelor's in IT / IS, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience
- At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. required
- 5 years of IT / IS Risk experience
- Demonstrated experience in performing audit / compliance assessments.
- Experience with internal project consulting to provide compliance and security requirements and guidance
- Significant experience in SOX, PCI-DSS, Global Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance requirements and controls
- Superior written and verbal communication skills required
- Display sound judgement with a high level of integrity, ethics, and ability to calmly, diplomatically, and effectively handle stressful situations.
- Ability to formulate and communicate exceptions / findings and technical solutions
- Proven ability to collaborate with technical and business peers.
- Demonstrate a degree of creativity with strong, analytical problem-solving skills
- Self-starter able to perform assessments with minimal guidance.
- Strong with methodologies, tools, best practices and processes related to IS risk assessments
- Ability to work in a fast-paced environment with multiple active projects at one time
- Exceptional work ethic and organization skills with a detail oriented approach
- Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences
- High familiarity with ISO27001/2, NIST, FISMA, PCI-DSS, and other industry standards and frameworks
- Fast-paced, fluid, open, and innovative work environment.
- Requires flexibility and exceptional interpersonal relationship skills.
- Requires up to 20% local travel to meet with internal and/or external RCG business partners.
- Requires up to 10% international travel to RCG internal offices and/or RCG ships.
Apply today: https://www.linkedin.com/jobs/view/2494258844/?refId=0H1O4LNvRJy7kTG5kvi1NA%3D%3D
Job Posting-------------------------------------------------------------POSTED 05/12/2021
The Florida Department of Transportation’s Office of Inspector General is looking for a talented professional to join our team in Tallahassee. This position will be reporting to the Performance and Information Technology Audit unit.
As the Sr IT Auditor, your responsibilities will include:
- Coordinates and conducts audits (primarily information technology related), special projects, and reviews of department operations, programs and controls, in compliance with professional and office standards, to promote accountability, integrity and process improvement in the department. Conducts reviews regarding the management of information technology as well as the technical and functional adequacy of information systems specifications, operations, controls and security in compliance with professional and office standards. Develops assignment scopes, methodologies, and audit programs. Prepares, researches and designs evaluations of programs, systems, controls, policies, procedures and other functions using audit and analytical techniques. Analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations. When assigned as team leader by the supervisor, organizes and facilitates the work of other team members to ensure the successful completion of the assignment. Also mentors and helps train new audit staff.
- Prepares thorough, complete and accurate documentation of work performed. Prepares oral and written briefings. Prepares draft and final reports.
- Coordinates and conducts defensible data acquisition and analysis using appropriate evidence and computer forensic techniques. Analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations.
- Maintains knowledge and proficiency in information system technology and techniques.
- Performs procedure reviews.
(The link below outlines additional duties and responsibilities)
Position: Sr IT Auditor (Computer Audit Analyst- SES)
Anticipated Annual Hiring Salary: $60,770.06
Closing Date: 05/19/2021
Location: Tallahassee, FL
Select the link below to see the complete job posting and to apply:
Position 55000743 Sr IT Auditor – Performance and Information Technology Section
To learn more about the FDOT OIG:
Job Posting-------------------------------------------------------------POSTED 05/12/2021
Varonis, a global leader in data security software is looking to hire a Sales Engineer in South Florida. Applicants should visit https://info.varonis.com/careers?p=job/omYdffww to apply.
The Sales Engineer is responsible for assisting a Sales Representative and Partners with the technical sales activities in net-new and pre-existing opportunities.
The Varonis Sales Engineer will be aligned with a local Sales Representative. The goal will be to deliver the technical value of the Varonis product to the end-user. As a team, the goal will be to build a strong business justification to the end-user, while ensuring that the given annual quota is met/exceeded.
- Understand customer requirements and integrate Varonis solutions into the customers’ environment.
- Deliver sales presentations, present technical information about Varonis’ products and services, and conduct product demonstrations.
- Manage all phases of product evaluations including installations, presenting at seminars, responding to RFP’s and RFI’s and the technical development of Varonis Partners.
- Ability to work independently and team collaboratively in a fast-paced environment.
- Ability to articulate the importance of Data Governance and evangelize Varonis as the leader in the Data Governance market to end-users of all levels.
- Percent of travel varies by territory.
- Bachelor’s Degree or equivalent from a four-year College or Technical School AND 3-5 years of experience in a customer facing role OR equivalent combination of education and experience.
- Strong written, oral, and presentation skills.
- Ability to discuss highly technical concepts to all audiences, ranging from non-technical to executive level technical decision makers.
- Extensive knowledge of Active Directory and related Directory services.
- Extensive knowledge of Windows and Unix File systems.
- Exposure to security hardware and software.
- Exposure to Microsoft O365/Exchange and cloud platforms preferably in a systems administration role.
- MCSE, MCP Microsoft Certifications are preferred.
To perform this job successfully, an individual should demonstrate the following competencies:
- Analytical: Collects and researches data; designs workflows and procedures; identifies data relationships and dependencies; synthesizes complex or diverse information; uses intuition and experience to complement data.
- Technical Skills: Assesses own strengths and weaknesses; strives to continuously build knowledge and skills; shares expertise with others.
- Sense of Urgency: Displays a matter of utmost urgency; understands the importance of making critical business decisions in a timely manner with strong attention to detail; realization that efficiency and prioritization are critical to success.
- Customer Service: Manages difficult or emotional customer situations; meets commitments; responds promptly to customer needs; solicits customer feedback to improve service.
- Problem Solving: Identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; develops alternative solutions.
- Written Communications: Edits work for spelling and grammar; presents numerical data effectively; varies writing style to meet needs; writes clearly and informatively.
- Oral Communication: Demonstrates group presentation skills; listens and gets clarification; responds well to questions; speaks clearly and persuasively.
- Adaptability: Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; able to deal with frequent change, delays, or unexpected events.
- Planning/Organizing: Prioritizes and plans work activities; uses time efficiently; plans for additional resources; sets goals and objectives; develops realistic action plans.