Job Description
As an Information Security Compliance Lead within the Compliance team, you should bring a high level of security compliance-centric focus blended with technical expertise that aligns what we do as a business to our client's mission. The InfoSec Compliance Lead is expected to be well organized, detail oriented, understand and demonstrate compliance documentation writing vocabulary, have current and relevant IT technology experience with a strong security focus, work comfortably under pressure, and deliver on tight deadlines.
You would be responsible for leading the day-to-day information security risk and compliance activities in support of various clients. This position is responsible for establishing a structured approach to aligning cyber/information security with business objectives, while effectively managing risk and meeting various compliance standards in support of legal and regulatory compliance needs and general IT and organizational information security practices.
This position requires an individual who can liaise with key functional teams such as IT, HR, Marketing, Finance, Sales, Legal, Contracts, Supply Chain, and others to identify and manage security standards and best practices that govern information security across any given client.
Responsibilities And Duties
Your responsibilities will be broad and will include, but are not limited to the following:
- Provide accurate analysis and environment scoping guidance to clients to ensure proposed solutions are aligned with compliance controls in the most efficient manner.
- Provide guidance to clients and complete security questionnaires submitted by vendors, customers, and partners.
- Perform host, network, cloud, application-based, and process-based security control assessments.
- Perform risk assessments/gap analyses for clients based on their compliance obligations under organizational policies, applicable regulatory and legal requirements, and industry best practices.
- Implement NIST 800-171 and CMMC Levels 1-3 information security management frameworks and standards for internal and external clients.
- Develop and maintain SSP and POAM documentation for in-scope environments.
- Work with our technical teams to remediate controls that govern the protection of our client's information systems, networks, and data, determining technical solutions and recommendations for implementation.
- Own the development of applicable policies, processes, and procedures, working with applicable stakeholders and SMEs as appropriate.
- Deliver and manage security awareness & education programs.
- Monitor and measure compliance and performance, report results.
- Evaluate, mitigate, and manage information security-related risks, supporting the development and implementation of solutions to minimize those risks.
- Help prepare for internal and/or external audits and sustain purpose-driven engagement and effective interaction with auditors to provide relevant evidence and artifacts, remediate findings, and support audit processes for relevant compliance concerns.
- Other duties, as assigned by the jobholder's supervisor, may also be required.
Knowledge, Skills, And Abilities
- Exceptional documentation, communication, presentation, and relationship management skills.
- Highly organized, team player, responsive, positive, excellent collaborator, and critical thinker.
- Familiarity with security tooling such as Microsoft 365 Admin, Azure Security Center, and Microsoft Cloud App Security (MCAS).
- Experience administering Security Information and Event Management (SIEM) tools (e.g., Sentinel).
- Strong working knowledge of Microsoft tools and cloud-based services, Azure, Office/Microsoft 365, Intune, Multi-Factor Authentication, Defender ATP, Teams, Exchange Online, Sentinel, Microsoft Virtual Desktop, Microsoft Power Platform (Power BI), etc.
- Strong working knowledge of Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP.
- Strong working knowledge of Windows servers and VMWare.
Qualifications
- U.S. (Federal client requirement)
- Bachelor's degree in Information Technology/Security, Computer (Information) Science, Management Information Systems, or a related discipline.
- CISSP or CISM certification strongly . Other industry standard security certifications such as: CCA, CCP, CIPP, CDPSE, CISA, CRISC, CGEIT, etc. desired.
- 10+ years' experience in an information/cyber security, risk, and compliance role to include advising executives, IT management, and other stakeholders on compliant strategies and solutions.
- 7+ years' technical experience using Microsoft-based solutions and products.
- Technical certification strongly such as MCSE, MCSA, Azure, etc.
- Working knowledge of NIST 800-171, NIST 800-53, and/or the Cybersecurity Maturity Model Certification (CMMC) frameworks and standards.
- Familiarity with other compliance frameworks such as FedRAMP, FISMA, SOC, PCI, ISO, HIPAA, HITRUST, etc. is .
You understand and acknowledge that R3 may add to, subtract from, or otherwise modify your duties and job title at any time in its sole discretion. As a member of the R3 team, we would ask for your commitment to deliver outstanding quality and results that exceed client expectations. In addition, we expect your personal accountability in all the products, actions, advice and results that you provide as a representative of R3. In return, we are committed to providing you with every opportunity to learn, grow and stretch to the highest level of your ability and potential.
Compensation details: 110000-150000 Yearly Salary