Information Protection Engineer
GoAhead Solutions has a great opportunity in Rochester, NY for an Information Protection Engineer. This would be a twelve-month contract to start, with possible extension.
Job Description:
The ideal candidate will have a strong background in information security and a CISSP certification. This role focuses on security reviews, security policy development and optimization, GRC compliance, and driving NIST compliance within our GRC platform, Eramba. This role is critical to the organization, ensuring sensitive data is private and secure.
Key Responsibilities:
-Security Measures: Design and implement security protocols to protect data, networks, and systems. Regularly test and update these protocols to ensure maximum effectiveness.
-InfoSec Policy Development: Develop, document, and enforce security policies and procedures. Regularly review and update policies to reflect new threats and compliance requirements. Ensure policies align with SOC 2 compliance and other industry standards.
-Vulnerability Assessments: Conduct regular assessments to identify and mitigate security weaknesses. Provide detailed reports and recommendations based on assessment findings. This particularly includes evaluating SaaS products and services the organization may interact with.
-Security Architecture: Design and maintain the security architecture of the organization. Collaborate with other IT teams to integrate security measures seamlessly.
-GRC Platform Management: Work within our GRC platform (Eramba) to help drive NIST compliance. Ensure all compliance activities are tracked and reported accurately, and provide guidance on best practices.
-SOC 2 Compliance: Help organizations maintain a robust security posture and ensure the protection of sensitive data.
Qualifications:
-CISSP certification required.
-Good communication skills, including written communication, to properly and effectively communicate security risk to non-IT business partners.
-Proven experience in information security, particularly in security reviews and GRC compliance.
-Strong understanding of NIST frameworks and standards.
-Excellent analytical and problem-solving skills.
-Ability to develop and enforce security policies and procedures.
Must-Have Experience:
-7+ years of experience in information security, particularly in security reviews and GRC compliance using a tool such as Eramba or similar.
-7+ years of experience developing and enforcing security policies and procedures.
-7+ years of working experience with SOC 2 compliance framework.