This position will help safeguard the organization's information through the performance of risk assessments, influence on policy and standards and contribution to security awareness. In this role your skills, experience and knowledge of information security will help the organization ensure vendors, applications and organizational changes occur within the boundaries of the organization's risk tolerance.
This role participates in projects and risk assessments as a security consultant or advisor on risk, helps in raising awareness across the organization's employees and identifies changes to our governance program to ensure alignment between operations and policy. It stays current with industry-specific security trends and changes in regulations and provides detail to project teams regarding security requirements. It creates and presents risk assessment deliverables for applications, vendors, controls and threats.
location: Saint Paul, Minnesota
job type: Permanent
salary: $90,000 - 110,000 per year
work hours: 9 to 5
- Participates in projects and assessments on risk.
- Analyzes and defines security policies and standards.
- Monitors, alerts and responds to security events.
- Performs computer forensic and investigative activities; and penetration and vulnerability testing.
- Defines and administers identity and access roles and workflows.
- Influences and strengthens information security in the organization.
- Identifies changes to the Information Security Program based on changes to the threat landscape and in solutions and controls to safeguard against risk.
- Possesses a holistic view of an Information Security Program and the role of key components to ensure protection of information.
- Exposure to industry standard Risk Assessment approaches such as NIST 800-30.
- Ability to drive assessments through interviews and relationships to understand and quantify appropriate risks.
- Participates in projects and assessments on risk determination for vendors, systems, applications and controls.
- Ability to identify, quantify and communicate risk to customers with a wide variety of backgrounds (technical and business).
- Effective communication skills enabling communication of complex information to various audiences both verbally and in writing.
- Ability to establish trust with partners through demonstration of knowledge and commitment to security.
- Strong knowledge and understanding of the role of technical, administrative and physical controls in securing information.
- Confidence to recommend changes and improvements to the security program.
- Ability to manage multiple projects and engagements simultaneously.
qualifications: Required Qualifications:
- Typically requires:
- Bachelor's degree and at least 8 years of experience in information technology and 1 year lead experience OR,
- Master's degree and at least 6 years of experience in information technology and 1 year lead experience OR,
- At least 10 years of experience in information technology and 1 year lead experience.
- Knowledge of pertinent regulations to understand drivers for controls and adherence to program. Specific regulations and security standard knowledge for GLBA, PCI, HIPAA, FFIEC.
- Industry-relevant certifications such as CISSP, CCSP, CRISC, CISA, CGEIT, Security+.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.