Security Testing, Validation and Assurance - Itasca, United States - Mitchell Martin Inc

Description

Our Client, an American global insurance company, is seeking an Security Testing, Validation and Assurance

Location: Remote
Position Type: Contract

Job Summary:

The Security Testing, Validation and Assurance role will engage on worldwide programs, mergers and acquisitions that affects Client from an information security perspective. The core responsibility is testing individual controls or a set of controls to validate they are deployed appropriately and working effectively. Additionally, the role will be responsible for assuring that security requirements is met through the collection of evidence as required for security audits and certification assessments. Reports To: Head of Global Cyber Architecture and Engineering

Responsibilities:

• Client is a rapidly growing organization, and it is imperative that our information security posture is applied across our growing family of organizations and businesses. This role will lead and manage security testing and validation to achieve reasonable confidence that IS/IT systems perform against acceptable risk objectives in the way intended or claimed.
• Establishes strong relationships with peers and leaders across the Global Technology and Cybersecurity teams, with a goal of brokering positive outcomes for the organization; while, at the same time obtain assurance in the demonstrated ability of IS/IT systems to perform required security objectives, and that safeguards will function as intended.
• Examines deliverables and associated security design documentation in relation to security requirements and controls; assesses the processes implemented by people affecting the quality of security in the operation of the deliverable; assesses and examines the environmental factors that contribute to the security of the systems and operations of the deliverable.
• Provides subject matter expertise around a variety of security domains including data protection, identity and access management, cloud security, application security, network security, and resource and platform security. Provides guidance to delivery teams on the remediation of issues identified during security testing and validation.
• Possesses an understanding of the progression and use of data within organizations in order to assist with designing and implementing secure business systems, including databases, networks, and applications. Provides guidance to delivery teams on implementation of security controls.
• Works closely with Security Program Management to collect and archive evidence required for security audits and certification assessments. Ensures security validation documentation is up-to-date and keeps key stakeholders informed with required follow-ups.
• Communicates progress and results from security testing and validation to program leadership with a primary focus on increased assurance of security controls and reduced uncertainty associated with risk vulnerabilities that security controls are intended to address. Remains mindful of delivery risk and proposes risk mitigation strategies where appropriate in order to drive progress and escalate as necessary.

Required Qualifications:

• 5+ years of relevant experience within Cybersecurity domains, with a focus on security testing, validation and assurance. Security-related certification is a plus.
• 10+ years of relevant experience in Information Systems and Information Technology.
• Preferred candidate will have had experience with Microsoft Azure Security, Azure Key Vault, CyberArk, IBM QRadar, Palo Alto Network Security, Trellix Security Products, Zscaler, Veritas.
• Capable of interpreting security standards and requirements, and how implemented, and communicating such to audiences with varied levels of technical security understanding.
• Experience with security-related engagements involving quality assurance, audits, third party assessors, and industry-specific compliance frameworks such as FAIR, NIST, HITRUST CSF
• Expertise in advising developers and architects on security best practices for platform services, network and application deployments in both on-prem and cloud environments.
• Strong interpersonal, teamwork, and communication skills; ability to rely on experience and judgment to execute role and accomplish goals consistent with enterprise objectives.
• Able to stand firm on issues yet be flexible and creative when working with partners to find effective solutions; adept in seeing "past the project" and to understand long term goals.
• Able and willing to perform a variety of tasks to ensure the success of the team and deliverables.
• Role is remote, but candidate will be expected to work Central Time with Partners working GMT