Security Engineer

Reston, VA

ScienceLogic

Empower your IT staff & propel your digital transformation with ScienceLogic's AIOps and IT infrastructure monitoring platform.


What we're looking for...

 

The position will assist with the development, implementation, and execution of a corporate risk management/assessment program, including performing risk assessments and contract evaluations for vendors and customers. The position requires a strong understanding of information security controls, including frameworks such as NIST and ISO27001. Additionally, this position requires that the applicant have a strong understanding of risk frameworks, operational risks, and the execution of risk management processes and governance.

 

What you'll be doing...

 

  • Manage the overall capabilities and operating framework of the Risk Management Program (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
  • Coordinate and perform a full cycle of the third-party security risk management activities, including risk identification, assessment, mitigation, monitoring, and reporting
  • Coordinate and conduct Vendor Risk assessments, review documentation provided (including independent assessments, certifications, pen-test, etc.) and issue reports
  • Coordinate and conduct customer security reviews
  • Collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported
  • Support inquiries into the cybersecurity program and its operations. Respond to client questionnaires and support client engagements.
  • Understand and keep abreast of emerging technologies and how they can impact the business.
  • Significant experience in collaborating across organizational boundaries and building partnerships across various functions
  • Comply with delivery SLAs and provide periodic status updates, including potential risks and delays to the project delivery, to the project manager.
  • Support various GRC efforts such as third party due diligence, security awareness and data loss prevention

 

Qualities you possess...

 

  • Bachelor's Degree or equivalent required
  • Applicable certifications are desired
  • 5 years' experience in IT audit/Security Assessment/Certification
  • Understanding of third-party risk management techniques, security IT control evaluation, and security control management lifecycle
  • Professional designations preferred: CISSP, CRISC, CISA, CTPRP, CDPSE, Security+, CISM
  • Proven experience in Information Security and Risk Management and/or compliance
  • Prior experience assessing SOC 2 reports is preferred
  • Able to resolve highly complex and technical business problems.
  • Familiarity with GRC tools and 3rd party risk assessment tools
  • Strong understanding of information security principles, architecture, and methodologies (including control design and risk assessment)
  • Solid understanding of IT audit and security control evaluation methodologies
  • Solid understanding and experience with security risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
  • Understanding of COBIT, ISO27000, NIST CSF, SOC 2 and/or HITRUST frameworks
  • Knowledge of single sign-on integration with on-premises and cloud toolsets
  • Knowledge of Network Design and Project Management methodologies
  • Highly Organized and Self-Motivated, with Strong attention to detail
  • Excellent written and verbal communication skills
  • Highly Adaptable to changing priorities (high flexibility)

 

About ScienceLogic

 

 ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to resolve and predict problems faster in a digital, ephemeral world. Its solution sees everything across cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.

 

www.sciencelogic.com


Tags: Audits Automation CISA CISM CISSP Cloud COBIT Compliance CRISC Governance HITRUST ISO 27000 ISO 27001 Monitoring NIST Risk assessment Risk management Security assessment SOC SOC 2

Region: North America
Country: United States