W2 Candidates Only NO C2C
Top 3 Required Skills
- 7+ years of experience in information security, particularly in security reviews and GRC compliance using a tool such as Eramba or similar (Eramba is preferred)
- 7+ years of experience developing and enforcing security policies and procedures
- 7+ years of working experience with SOC 2 compliance framework
Job Description
The ideal candidate will have a strong background in information security and a CISSP certification. This role focuses on security reviews, security policy development and optimization, GRC compliance, and driving NIST compliance within our GRC platform, Eramba. This role is critical to the organization, ensuring sensitive data is private and secure.
Key Responsibilities:
- Security Measures: Design and implement security protocols to protect data, networks, and systems. Regularly test and update these protocols to ensure maximum effectiveness.
- InfoSec Policy Development: Develop, document, and enforce security policies and procedures. Regularly review and update policies to reflect new threats and compliance requirements. Ensure policies align with SOC 2 compliance and other industry standards.
- Vulnerability Assessments: Conduct regular assessments to identify and mitigate security weaknesses. Provide detailed reports and recommendations based on assessment findings. This particularly includes evaluating SaaS products and services the organization may interact with.
- Security Architecture: Design and maintain the security architecture of the organization. Collaborate with other IT teams to integrate security measures seamlessly.
- GRC Platform Management: Work within our GRC platform (Eramba) to help drive NIST compliance. Ensure all compliance activities are tracked and reported accurately, and provide guidance on best practices.
- SOC 2 Compliance: Help organizations maintain a robust security posture and ensure the protection of sensitive data.
Qualifications
- CISSP certification required.
- Good verbal and written communication skills to properly and effectively communicate security risk to non-IT business partners.
- Proven experience in information security, particularly in security reviews and GRC compliance.
- Strong understanding of NIST frameworks and standards.
- Excellent analytical and problem-solving skills.
- Ability to develop and enforce security policies and procedures.