Technical/Functional Skills

Review and recommend improvements to the Information Security operating model, enterprise policies, standards, and processes to providing reporting and recommendations to the CxO to reduce the risk to the enterprise. Understanding of how information security affects an organization and ability to link it to business processes. Experience in implementing security policies, standards, and controls.

Experience Required

• 2-3 years of regulatory requirements and frameworks such as ISO 27001, ISO 27002, PCI, CIS, SOX, HIPPA, ISO, NIST, COBIT, GDPR or NIST Cyber Security Framework (CSF).
• Basic knowledge and understanding of risk assessment and control methods
• Basic knowledge and understanding of information security policies, standards and processes.
• Basic knowledge and understanding of how information security affects an organization and ability to link it to business processes.
• Strong Understanding of vulnerability management.
• Minimum of 3 years of experience in security or IT/OT.
• SANS 401
• 2 years of experience in a GRC discipline. One year of work in a Governance, Risk, Compliance (GRC) function in a highly regulated environment.
• Proven success implementing security policies, standards, and/or controls.
• Experience in one or more of the following areas preferred: network administration, systems administration, SDLC/secure soft, encryption, asset management, identity and access management, Audit, Governance Risk & Compliance, IT Operations, Security Risk Management.

Roles & Responsibilities

• Develop, maintain, evaluate and implement policies and procedures in line with both business requirements and national and international legislative changes, (i.e. 27001/27002, COBIT 5, NIST CSF, GDPR).
• Lead control assessment activities addressing technical and functional security and regulatory requirements. Engage appropriate business units and personnel to plan and execute the Technical Control Governance program. Document gaps and system vulnerabilities; drive risk identification and intake.
• Analyze, implement, review and update of security policies, standards, and controls. Collaborate with leadership to develop and implement security policies and standards, considering impact to the enterprise. Collaborate with subject matter experts to address new requirements and emerging business needs in a secure manner.
• Participate in the development and implementation of security awareness program training, materials, and events. Develop and deliver content to educate the business about the Technical Control Framework and other organizational programs.
• Lead implementation (Control Design and Implementation) of ADM Control Framework, including tracking and reporting progress, security control gaps (compared to ADM framework which consists of NIST-CSF and ISO 27001 / ISO 27002), and metrics.
• Collaborate with key business units and capability stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec, Corporate Security, and HR to develop and improve Information Governance to the enterprise.

Generic Managerial Skills

· Ability to translate strategy into actionable plans impact organizational change.

· Ability to work across the organization, building relationships and influencing peers and management through establishing trust and credibility.

· Ability to drive discussions and influence decision making; strong presentation and reporting skills. Proficient in technical writing and leveraging various creative mechanisms to communicate to diverse audiences.

· Ability to communicate with and create documentation for technical and non-technical audiences.

Job Type: Full-time

Pay: $100,000.00 - $110,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance
• Life insurance
• Vision insurance

Experience level:

• 5 years

Schedule:

• 8 hour shift
• Day shift
• Monday to Friday

Experience:

• Data management: 1 year (Preferred)

Ability to Commute:

• Erlanger, KY 41017 (Required)

Ability to Relocate:

• Erlanger, KY 41017: Relocate before starting work (Required)

Work Location: In person