Information Security Officer at Aculocity

JOB SUMMARY

The Information Security Officer is an individual contributor focused on the administrative, governance and operational support aspects of the GVW Group information security program. The Information Security Officer will continually assess and improve program maturity through the application of an organizational security framework and promoting program initiatives. The Information Security Officer will support the evaluation, development, and implementation of security policies, procedures, guidelines, and auditing, covering a broad range of program components to include risk management, vulnerability management, penetration testing, training and awareness, Identity and Access Management (IAM), and compliance support. The Information Security Officer is expected to be familiar with applicable security regulations, standards, industry best practices, and collaborate with other teams to facilitate necessary changes.

JOB RESPONSIBILITIES

• Align with and support the execution of the information security program vision/strategy and promote security projects and initiatives
• Assist in the advancement of the information security program through a continuous audit, control gap analysis, risk assessments, policy/procedure development, and security incident response support
• Understand current and emerging security threat landscape and contribute to security architecture design enhancements
• Assist in facilitating information security awareness and training efforts to promote a culture of security throughout the organization.
• Work in close collaboration with other IT teams and business stakeholders to assess existing controls and supporting processes
• Maintain a working knowledge of organizational information security policies, standards, and procedures based on industry best practices and compliance requirements
• Assist in the information security incident response process as applicable
• Assist in supporting internal and external audits and compliance efforts
• Support security architecture efforts and provide consulting support for various security solutions and IT projects

JOB REQUIREMENTS

• Bachelor's degree in computer science or related discipline
• Security industry certification (e.g., CISA, CISM, CISSP, Palo Alto, Microsoft) preferred
• 5+ years of experience in multiple IT disciplines
• IT cyber risk reduction, governance, compliance, and frameworks (ISO, NIST, PCI, CIS)
• Direct information security experience preferred with some technical exposure

ESSENTIAL JOB FUNCTIONS

• Experience in server, network, database, cloud, and application security hardening
• Experience with an emphasis on the design of security solutions and/or project management
• Risk assessment and mitigation strategies
• Incorporate security best practices and frameworks in the SDLC
• Work with all areas of the business for any needs in PCI, NIST, ISO compliancy
• Disaster recovery and business continuity guidance, testing, and documentation
• Some technical abilities on firewalls, SIEM, SOAR, and security analysis products
• Familiar with Microsoft 365 Compliance manager, AWS and Azure Cloud security modelling
• Outstanding organizational, interpersonal, and communication (written and verbal) skills
• Strong analytical and problem-solving skills

PREFERRED SKILLS

• A foundational understanding of IT infrastructure and life-cycle support
• Ability to think strategically about business, product, technical, and compliance challenges
• Attention to detail, organized and able to work and research independently

Competencies:

• Analytical thinking: Tackle a problem by using a logical, systematic, sequential approach.
• Diagnostic Information Gathering: Identify the information needed to clarify a situation, seek that information from appropriate sources, and use skillful questioning to draw out the information, when others are reluctant to disclose it.
• Building Collaborative Relationships: Develop, maintain, and strengthen partnerships with others inside or outside the organization who can provide information, assistance, and support.
• Organization and Planning: Plan, organize, schedule, and budget in an efficient, productive manner. Focus on key priorities and get these done.
• Technical Expertise: Demonstrate depth of knowledge and skill in a technical area.
• Thoroughness: Ensure that one’s own and others’ work and information are complete and accurate; carefully preparing for meetings and presentations; follow up with others to ensure that agreements and commitments have been fulfilled.
• Written Communication: Express oneself clearly in business writing