- Maintain and enhance in existing security controls, risk assessment framework, ensuring documented and sustainable compliance that aligns with SEWA business objectives and applicable regulatory requirements
- Continuously monitor information security controls, exceptions, risks
- Schedules regular assessments and testing of effectiveness and efficiency of ISMS controls and existing system policies and creates GRC reports
- Performs and investigates internal and external information security risk and exceptions assessments
- Conduct IT System policies reviews, assess security incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks
- Documents and reports Information Security control failures and gaps. Provides remediation guidance and prepares incident reports to track remediation activities
- Remains current on IT Governance and Information security risks, technologies and compliance best practices
- Performs other related duties as assigned
Requirements
Minimum Qualifications
Min 5 Years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or information security compliance management
Knowledge, Skills, and Abilities Knowledge of:
- Information security governance requirements, compliance principles, practices, laws, rules and regulations
- SAP Information technology systems and processes, IT network infrastructure, data architecture, data processes, and protocols
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration
- Information systems auditing, monitoring, controlling, and assessment process
- Incident response management
- Risk assessment and management methodology
Skills in:
- Security project study, management, and planning
- Maintaining confidentiality
- Troubleshooting and operating a computer and various software packages
- Defining problems, collecting and analyzing information, establishing facts and drawing valid conclusions
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
- Learn quickly and apply knowledge to new situations and business requirements
- Handle sensitive and confidential matters, situations, and data
- Understand and follow broad and complex instructions
- Interact positively with the management, the staff, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service
- Work independently and prioritize multiple tasks and adapt to needed changes
Benefits
- Paid Time Off
- Performance Bonus
- Training & Development
