Epicareer Might not Working Properly
Learn More

Security Engineer - GRC

Salary undisclosed

Apply on


Original
Simplified
Job#: 2052062

Job Description:

Title: Security Engineer- GRC

Location: 100% remote

Schedule: M-F day hours- 40 hour weeks

Pay: $60-65/hr

Type: Long-term contract

JOB DESCRIPTION

We are seeking a dynamic Lead Consultant with strong consultative skills to serve as a GRC Advisor This role will serve on project teams with clients to assess, design, and implement secure technologies and services.

RESPONSIBLITIES
  • Conduct compliance and security assessments, architect and implement controls, provide remediation support, and draft governance documentation
  • Strong understanding and past performance of assessment and implementation of PCI DSS
  • Use of other common security and privacy standards such as NIST, HIPAA, ISO/IEC, GDPR, CCPA, etc.
  • Advise senior leadership and key stakeholders on strategic security matters to align security programs with business objectives
  • Assess and understand our client's current security posture and future architecture, providing a viable solution path to bridge the gap using industry and vendor best practices
  • Lead security technology evaluation and selection processes
  • Advise on proper configuration and maintenance of security tools and systems
  • Develop functional and design specifications for client work products
  • Advise legal/compliance teams and assist with security investigations and litigation
  • Create and deliver reports, metrics, and dashboards on program effectiveness for executives
  • Develop security architectures and roadmaps to strengthen our customer's defenses
  • Stay attuned to customer business needs and objectives to align security priorities and requirements
  • Design and evaluate security tools to assist our clients, including and not limited to asset management, identity and access management, cloud logging/monitoring, threat and vulnerability management, platform hardening, resiliency and redundancy, data security, and security infrastructure.
  • Review cloud technologies and products for security implications and risks for our clients
  • Maintaining awareness of trends and changes in the Cybersecurity industry and threat landscape


JOB REQUIREMENTS

  • 6+ years of hands-on experiencing performing security assessments and remediation support
  • Hands-on experience with threat modeling, risk assessments, and security audits and ability to identify vulnerabilities and mitigate risks
  • Bachelor's degree in Information Security, Information Systems Management, Computer Science, Engineering, or related field
  • Experience with security and privacy frameworks like CIS Controls, ISO/IEC 2700x, MITRE ATT&CK, NIST Cybersecurity Framework, GDPR, FedRAMP etc.
  • Technical or professional certifications and certificates (e.g., ISC2, ISACA, PCIP, PCI QSA, etc.)
  • Experience working with different cloud security products and cloud types
  • Experience creating a security roadmap with estimates for complexity and cost; including people, process, & technology inputs
  • Experience managing a backlog of activities and delivery teams consisting of technical and non-technical professionals
  • Excellent written and verbal communications skills and an ability to maintain a high degree of professionalism in all client communications
  • Ability to influence others, build relationships, and manage conflicts
  • Highly motivated, consultative, problem-solving mindset
  • Leadership experience and executive level communication and facilitation skills across technical and non-technical stakeholders
  • Experience with brief management, as needed, on the status of action items and/or results of these activities
  • In-depth knowledge of information security principles, technologies and best practices
  • Technical expertise with security tools and technologies like firewalls, VPNs, IDS/IPS, SIEM, DLP, encryption, access controls, vulnerability management, etc.
  • Experience with security monitoring, incident response and knowledge of cyber threats and attack vectors
  • Working knowledge of cloud security best practices for AWS, Azure, and/or Google Cloud Platform
  • Working knowledge of data security such as encryption, key management, tokenization, etc.
  • Working knowledge of security monitoring tools - Security Information & Event Management (SIEM), user behavior analytics, network traffic analysis, etc.
  • Working knowledge of application security concepts - secure SDLC, static/dynamic analysis, web app scanning, fuzzing, pen testing, etc.
  • Working knowledge of identity security such as access and privilege management solutions - LDAP, AD, SSO, MFA, IAM (e.g., SailPoint, Saviynt), PAM (e.g. CyberArk), etc.
  • Working knowledge of security awareness training, phishing simulations, social engineering and physical security principles
  • Experience with managing the overall success of information security programs
  • Ability to liaise with legal/compliance teams regarding security regulations and legal obligations.
  • Experience in developing information security policies, standards and procedures
  • Excellent communication skills, including demonstrated proficiency in clearly communicating technical concepts to non-technical audiences in business terminology


EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job