IT Compliance and Security awareness:
This opportunity will allow you to further expand and apply your skills to solve critical business and data protection related challenges as part of a team driving strategic governance programs, data security, and system hardening activities. This includes:
IT Compliance:
• Assessing organizational compliance with regulatory and legal requirements, and strategically helping teams think through the best way to manage risk in accordance with security best practices.
• Assisting teams with system and application hardening initiatives by identifying, researching, and evaluating security controls and compliance requirements and presenting them to relevant stakeholders.
• Serving as a liaison and fostering strategic working relationships with legal, technical architects, engineering teams, and the business to inform them of IT controls or requirements and to ensure security standards are being met.
• Assisting with regulatory-related projects such as gap assessments, annual audits, remediation tracking, and secure configuration management.
• Providing security and compliance consultation on new projects pertaining to HIPAA, NYC Privacy regulations, PCI DSS, cloud security, data privacy, SOX, etc.
• Assisting in third-party risk management assessments to evaluate the security of vendors and hosted solutions based on approved information security standards.
• Providing in-depth analysis of security risks to the leadership team to support decisions that protect FDNY.
• Conducting security assessments to identify and mitigate potential security weaknesses and to ensure that all relevant security features applicable to a system are implemented and functional.
• Maintaining the global security awareness training program, which includes managing security awareness training for new hires and existing associates using a third-party security awareness solution; creating and launching monthly phishing simulations through that solution; creating and launching role-based training for key roles (e.g., executives, privileged users); and tracking and reporting training completion status.
• Developing relevant and targeted security awareness topics and working with corporate communications to determine alternative methods to distribute and socialize these topics throughout the year.
• Developing metrics to measure the success of the security awareness program.
• Providing input to the development and maintenance of information security policies, standards, and procedures.
• Conducting ongoing research on industry common practices for security awareness training and applying these practices to enhance the awareness program.
This position will support the Manager in executing project activities, including project management, stakeholder engagement, and reporting.
• Bachelor's degree in Management Information Systems, Computer Science, or Information Security, or other analytical disciplines, or equivalent experience.
• At least four years of combined experience in Information Security, Compliance, or Technology Audit, as well as with security awareness topics.
• Experience with security control frameworks such as ISO 27001, COBIT, NIST, PCI DSS, HITRUST, SOX, HIPAA, etc.
• Working knowledge of audit methodologies, security assessment tools, and monitoring methodologies.
• Experience creating and launching phishing simulations.
• Experience using third-party security awareness solutions to manage awareness training and execute phishing campaigns.
• Strong written and verbal communication skills, as well as interpersonal skills, including the ability to communicate with both technical and non-technical audiences.
• Excellent analytical and problem-solving skills to find resolutions and contribute to process improvements.
• Ability to work independently and in team settings, and to multitask effectively.
• The following certifications are desirable: CISA, CISM, CRISC, CCSP, and/or CISSP.
• Operating system security and hardening experience.
• Experience evaluating the security infrastructure of a large enterprise.
• General understanding of networking and firewall concepts.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.