Technology Risk Lead
First Quality
full-time
Posted on:
Location Type: Remote
Location: North Carolina • South Carolina • United States
Visit company websiteExplore more
Job Level
About the role
- Responsible for the development and delivery of First Quality’s Information Security Program which includes information security risk management across First Quality Enterprises
- Ensure that all physical and digital information assets and technologies, as well as employee, client and First Quality data are adequately protected
- Define and mature the second line of defense and provide management with updates on the overall security posture of the organization
- Lead the following Information Security Programs: Enterprise Technology Risk Management, Data Governance, Security Awareness & Training, and Compliance and supporting daily functions
- Conduct IS technical risk assessment of First Quality systems and platforms against industry standards and frameworks such as the Center for Internet Security (CIS)
- Identify system misconfigurations, weaknesses, gaps, and associated risks across numerous platforms
- Work with the security team and engage with cross-functional departments to advise on best security practices for new and existing business led projects
- Track security metrics, analyze trends, and deliver practical solutions that align with both security and business objectives
Requirements
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
- Security certifications such as CompTIA Security +, CISSP, CISA, CCNA or equivalent or working towards certification is preferred
- 6+ years’ experience working directly in an Information Security or Information Technology department with experience in developing testing security frameworks for compliance
- Hands-on experience assessing security configurations in Windows/Mac/Linux environments, Azure and other cloud environments, SQL and Oracle databases
- Experience with Netskope, Azure Purview, OneTrust or similar GRC tools is a plus
- Experience with Operational Technology (OT) environments and securing manufacturing devices a plus
- Strong knowledge & understanding of endpoint, server, network design and topologies
- Strong understanding of a "hacker’s" mentality
- Excellent written and oral communications skills; ability to lead discussions, present complex ideas to audiences of all sizes, and interact with all levels of the organization
- Ability to self-manage, work independently with little direction and/or supervision but also work collaboratively in a team environment
- Working knowledge of the following frameworks and regulations: ISO 27001/2, NIST 800-53, NIST CSF, CIS Benchmarks, ISF Standard of Good Practice, HIPAA Privacy Rule and Security Rule, MITTRE ATT&CK framework
- Ability to prioritize and multitask and a work approach that supports flexibility and adaptability is paramount
- Detail oriented and ability to think outside of the box to propose solutions to risks
- Ability to communicate security risks to non-technical business stakeholders
Benefits
- Competitive base salary and bonus opportunities
- Paid time off (three-week minimum)
- Medical, dental and vision starting day one
- 401(k) with employer match
- Paid parental leave
- Child and family care assistance (dependent care FSA with employer match up to $2500)
- Bundle of joy benefit (years’ worth of free diapers to all team members with a new baby)
- Tuition assistance
- Wellness program with savings of up to $4,000 per year on insurance premiums
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security risk managementsecurity frameworkssecurity configurationsWindowsMacLinuxAzureSQLOracleendpoint security
Soft Skills
excellent written communicationexcellent oral communicationleadershipself-managementcollaborationflexibilityadaptabilitydetail orientedproblem solvingpresentation skills
Certifications
CompTIA Security +CISSPCISACCNA