Compliance Officer & Sr. Security Engineer
ICE Consulting
Milpitas, California
Full Job Description
- Assist clients with meeting regulatory compliance and certification needs
- The Senior IT Compliance Analyst will be a contributing member of the Information Technology (“IT”) Compliance Department.
- Performs audit controls testing, advisory, and consultancy work, documentation and report writing.
- Supervises audit, advisory and consultancy engagements.
- Ensures previously reported management corrective actions are fulfilled.
- Drive adoption, monitor governance, and measure overall process maturity against relevant regulations including HIPAA, CMMC, HITRUST, PII, PCI, etc. and any additional governance, risk, and policy-related requirements.
- Oversee IT policy lifecycle including the development and implementation of new policies, updates to existing policies, and monitor policy governance.
- Lead the security metrics program to define and measure team performance and facilitate changes that drive continuous improvement.
- Engage with client leadership team and other key stakeholders to routinely update the company’s regulatory compliance to ensure proper alignment with business strategic goals and effective risk mitigation.
- Advise clients and business partners on proper integration and execution of security, governance, and risk management requirements in operational processes.
- Work closely with security, IT engineers, and other key stakeholders to define and support the security vision, strategy and product roadmap ensuring alignment with IT and business priorities.
- Partner with the sales team and channel partners to understand our customer’s security needs, strategize on how to resolve problems, and support the sales and consumption lifecycles.
- Develop security thought leadership through weekly blogs, quarterly white papers, yearly eBooks, and annual conference speaking engagements. Develop security assessments, with the ability to create roadmaps, business cases and transformation recommendations.
- Build end-to-end security solutions.
- Strong client facing skills and a good listener. Ability to push a point/right solution to different stakeholders (both technical and non-technical)
- Develop end-to-end security technologies and architecture, ideally from more than one industry.
- AWS/Azure design and implementation experience
- Developed companies’ SIEM architecture among other security solutions.
- Excellent verbal and written communications skills; excellent presentation and facilitation skills
- Possess the ability to clearly articulate the pros and cons of technology choices and solution design decisions and to construct and present rational options to clients and prospective clients on the options they have.
- Comfortable facilitating group discussions and leading client strategy and design activities; able to translate client needs and opportunities into architecture specifications that can be referred to by the analyst, development, and migration teams.
- Have a focus on getting the job done and done properly.
- Be willing to learn, grow and stretch into new roles and different industries/domains.
- Responsible for designing the security target architecture and experience in writing detailed design documentation.
Requirements
Minimum Qualifications
- 5 to 8 years of related IT audit/Governance/controls experience required.
- Experience with CMMC, HITRUST, SOC2, PCI, NIST, etc. required.
- CISA, CISSP or related certification preferred.
- Excellent communication skills to work and influence client leadership and other key stakeholders
- Ability to influence teams that establish direction, create an atmosphere of trust, leverage diverse views, encourage dialogue, and encourage improvement and innovation
- Identifying and resolving issues quickly and effectively with ability to make timely decisions
- Preparing and presenting concise, accurate and complex written and verbal documents
- General knowledge of and ability to enhance adoption and maturity of ITIL, NIST, ISO, RACI or other governance and control frameworks.
- Working knowledge of information security program concepts, practices, and standards as well as practical experience in the design, documentation, and implementation of operational processes
- An energetic, forward-thinking and creative individual with high ethical standards and a positive professional image.
- Ability to be flexible and able to function comfortably in a fast paced, constantly changing and ambiguous environment.
- Comfortable telling people "no" and offering other options
Qualifications:
- 8+ years of industry, customer-facing, and hands-on implementation experience with a core focus on security, encryption, and identity and access management concepts and technologies
- 5+ years of security support; in-depth working knowledge of cloud platforms (at least one of the following: AWS, Azure, GCP) and their corresponding security and networking architecture and technologies
- Ability to build out demos and test use cases on various security products.
- Ability to create security and networking related reference architectures and articulate them to a customer audience.
- Proven track record of successful project delivery results
- AWS/Azure security and/or networking specialty certification is a plus.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, presentation and whiteboarding skills to a large audience, and the ability to successfully communicate security and risk-related concepts to technical and nontechnical audiences.
- Ability to work independently and repeatedly accomplish all work within the project plan.
- Commercially astute with exceptional written and verbal communication skills
- Experience working within both project-centric and project matrix resourcing models.
- Ability to travel in accordance with requirements of assignment/client.
- Experience in SIEM, Software Defined Networking, Network segmentation, Cybersecurity, and NIST
- Has led security assessments.
- Presentation and communication skills for senior management and C-class executive levels
- Experience developing the transformation strategy.
- Experience designing the security target architecture and experience in writing detailed design documentation.
- Maintain open communication amongst stakeholders.
- Identify potential project risks and incorporate risk mitigation strategy and contingency plan.
- Familiar with ITIL processes
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s preferred.
- 5+ years’ experience with tools like Okta, Fortinet, Azure Sentinel, PAN, HPE Aruba, etc.