Job Description

Maintain and enhance in existing security controls, risk assessment framework, ensuring documented and sustainable compliance that aligns with SEWA business objectives and applicable regulatory requirements. Continuously monitor information security controls, exceptions, risks. Schedules regular assessments and testing of effectiveness and efficiency of ISMS controls and existing system policies and creates GRC reports. Performs and investigates internal and external information security risk and exceptions assessments. Conduct IT System policies reviews, assess security incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks. Documents and reports Information Security control failures and gaps. Provides remediation guidance and prepares incident reports to track remediation activities. Remains current on IT Governance and Information security risks, technologies and compliance best practices. Performs other related duties as assigned.

Requirements

Minimum Qualifications

Min 5 Years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or information security compliance management

Knowledge, Skills, and Abilities Knowledge of:

Information security governance requirements, compliance principles, practices, laws, rules and regulations. SAP Information technology systems and processes, IT network infrastructure, data architecture, data processes, and protocols. Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration. Information systems auditing, monitoring, controlling, and assessment process. Incident response management. Risk assessment and management methodology.

Skills in:

Security project study, management, and planning. Maintaining confidentiality. Troubleshooting and operating a computer and various software packages. Defining problems, collecting and analyzing information, establishing facts and drawing valid conclusions

Ability to:

Effectively communicate technical issues to diverse audiences, both in writing and verbally. Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process. Learn quickly and apply knowledge to new situations and business requirements. Handle sensitive and confidential matters, situations, and data. Understand and follow broad and complex instructions. Interact positively with the management, the staff, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service. Work independently and prioritize multiple tasks and adapt to needed changes.

Benefits

Paid Time Off Performance Bonus * Training & Development