• Snapboard
  • Activity
  • Reports
  • Campaign
Welcome ,

Chat with the recruiter

...Minimize

Hey I'm Online! Leave me a message.
Let me know if you have any questions.

Senior Security Engineer (Cybersecurity Risk Management)

In United States

Save this job

Senior Security Engineer (Cybersecurity Risk Management)   

Click on the below icons to share this job to Linkedin, Twitter!

JOB TITLE:

Senior Security Engineer (Cybersecurity Risk Management)

JOB TYPE:

JOB SKILLS:

JOB LOCATION:

Washington United States

JOB DESCRIPTION:

  • Position is in the Cybersecurity Risk Management Department
  • Position requires 5-8 years experience.
  • Knowledge of several of the following frameworks/regulations: NIST Special Publication 800-53 Rev. 4 /5 Security and Privacy Controls for Information Systems and Organizations, the HIPAA Security and Privacy Final Rule (45 CFR Part 164), NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001.
  • Knowledge of developing SSPs based on NIST 800-171, 800-53, and FedRAMP.
  • Experience in conducting security and privacy risk assessments, completing risk exception and acceptance requests using SIG, SOC2 Type 2, and other security attestation documents.
  • Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps.
  • Cyber security business and systems subject matter expertise - especially in Application security, Data Security, Data Governance, and Network Security domains.
  • Experienced with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.
  • Experience with working with enterprise or cybersecurity specific risk registers.
  • Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems.
  • Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization.
  • Proven experience supporting data security risk teams with demonstrated business process, workflow, task analysis, and metrics/results measurement. Exposure to user-acceptance testing and requirements analysis knowledge.
  • Proven ability to elicit, document, analyze and verify requirements.
  • Advanced written and verbal communication skills.
  • Excellent organizational, analytic, and problem-solving skills with the ability to set priorities and handle multiple projects concurrently with attention to detail.
  • Position requires a bachelors degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis, security risk, systems analysis experience with direct Business Analyst experience.
  • Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.
  • Knowledge of AGILE and/or Waterfall SDLC methodologies.
  • Excellent knowledge of MS Office tool set - MS Word, MS Excel, MS Project and MS Visio.

Preferred:

  • Security Certification (CISSP, CRISC, CISA or SANS GIAC certifications in relevant areas).
  • Understanding of data analysis and modelling.
  • Knowledge of cloud security controls (AWS / Azure)
  • Experience with SAI Globals Compliance360 Enterprise Risk Management and Risk Intelligence Manager modules.
  • Audit experience.
  • Experience evaluating security controls in a mainframe environment.

 

Position Details

POSTED:

Dec 02, 2022

EMPLOYMENT:

INDUSTRY:

SNAPRECRUIT ID:

S16583616818028100

LOCATION:

United States

CITY:

Washington

Job Origin:

OORWIN_ORGANIC_FEED

A job sourcing event
In Dallas Fort Worth
Aug 19, 2017 9am-6pm
All job seekers welcome!

Senior Security Engineer (Cybersecurity Risk Management)    Apply

Click on the below icons to share this job to Linkedin, Twitter!

<ul> <li>Position is in the Cybersecurity Risk Management Department</li> <li>Position requires 5-8 years experience.</li> <li>Knowledge of several of the following frameworks/regulations: NIST Special Publication 800-53 Rev. 4 /5 Security and Privacy Controls for Information Systems and Organizations, the HIPAA Security and Privacy Final Rule (45 CFR Part 164), NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001.</li> <li>Knowledge of developing SSPs based on NIST 800-171, 800-53, and FedRAMP.</li> <li>Experience in conducting security and privacy risk assessments, completing risk exception and acceptance requests using SIG, SOC2 Type 2, and other security attestation documents.</li> <li>Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps.</li> <li>Cyber security business and systems subject matter expertise - especially in Application security, Data Security, Data Governance, and Network Security domains.</li> <li>Experienced with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.</li> <li>Experience with working with enterprise or cybersecurity specific risk registers.</li> <li>Experience with GRC (Governance, Risk, and Compliance) systems or IRM (Information Risk Management) systems.</li> <li>Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization.</li> <li>Proven experience supporting data security risk teams with demonstrated business process, workflow, task analysis, and metrics/results measurement. Exposure to user-acceptance testing and requirements analysis knowledge.</li> <li>Proven ability to elicit, document, analyze and verify requirements.</li> <li>Advanced written and verbal communication skills.</li> <li>Excellent organizational, analytic, and problem-solving skills with the ability to set priorities and handle multiple projects concurrently with attention to detail.</li> <li>Position requires a bachelors degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis, security risk, systems analysis experience with direct Business Analyst experience.</li> <li>Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.</li> <li>Knowledge of AGILE and/or Waterfall SDLC methodologies.</li> <li>Excellent knowledge of MS Office tool set - MS Word, MS Excel, MS Project and MS Visio.</li> </ul> <p>Preferred:</p> <ul> <li>Security Certification (CISSP, CRISC, CISA or SANS GIAC certifications in relevant areas).</li> <li>Understanding of data analysis and modelling.</li> <li>Knowledge of cloud security controls (AWS / Azure)</li> <li>Experience with SAI Globals Compliance360 Enterprise Risk Management and Risk Intelligence Manager modules.</li> <li>Audit experience.</li> <li>Experience evaluating security controls in a mainframe environment.</li> </ul> <p> </p>


Please wait..!!