Security Engineer
Reston, VA
Applications have closed
ScienceLogic
Empower your IT staff & propel your digital transformation with ScienceLogic's AIOps and IT infrastructure monitoring platform.
What we're looking for...
The position will assist with the development, implementation, and execution of a corporate risk management/assessment program, including performing risk assessments and contract evaluations for vendors and customers. The position requires a strong understanding of information security controls, including frameworks such as NIST and ISO27001. Additionally, this position requires that the applicant have a strong understanding of risk frameworks, operational risks, and the execution of risk management processes and governance.
What you'll be doing...
- Manage the overall capabilities and operating framework of the Risk Management Program (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
- Coordinate and perform a full cycle of the third-party security risk management activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Coordinate and conduct Vendor Risk assessments, review documentation provided (including independent assessments, certifications, pen-test, etc.) and issue reports
- Coordinate and conduct customer security reviews
- Collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported
- Support inquiries into the cybersecurity program and its operations. Respond to client questionnaires and support client engagements.
- Understand and keep abreast of emerging technologies and how they can impact the business.
- Significant experience in collaborating across organizational boundaries and building partnerships across various functions
- Comply with delivery SLAs and provide periodic status updates, including potential risks and delays to the project delivery, to the project manager.
- Support various GRC efforts such as third-party due diligence, security awareness, and data loss prevention
Qualities you possess...
- Bachelor's Degree or equivalent required
- Applicable certifications are desired
- 5 years' experience in IT audit/Security Assessment/Certification
- Understanding of third-party risk management techniques, security IT control evaluation, and security control management lifecycle
- Professional designations preferred: CISSP, CRISC, CISA, CTPRP, CDPSE, Security+, CISM
- Proven experience in Information Security and Risk Management and/or compliance
- Prior experience assessing SOC 2 reports is preferred
- Able to resolve highly complex and technical business problems.
- Familiarity with GRC tools and 3rd party risk assessment tools
- Strong understanding of information security principles, architecture, and methodologies (including control design and risk assessment)
- Solid understanding of IT audit and security control evaluation methodologies
- Solid understanding and experience with security risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Understanding of COBIT, ISO27000, NIST CSF, SOC 2 and/or HITRUST frameworks
- Knowledge of single sign-on integration with on-premises and cloud toolsets
- Knowledge of network design and project management methodologies
- Highly organized and self-motivated, with strong attention to detail
- Excellent written and verbal communication skills
- Highly adaptable to changing priorities (high flexibility)
About ScienceLogic
ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to resolve and predict problems faster in a digital, ephemeral world. Its solution sees everything across cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.