Infosec Engineer, Governance

This position acts as a liaison between business application owners and the greater information security team, fostering trust and engagement. They ensure that Zoox’s information security policies, standards, and processes are followed, and where necessary work through exceptions and compensating controls to enable the business securely. The successful candidate for this role will have experience in one or more of the following areas: information security governance, analyzing and maintaining policy and standards, risk management, compliance, security architecture, and internal security consultation.

Responsibilities

• Act as a security consultant on company initiatives to ensure security design is included throughout the company initiatives.
• Perform security assessments utilizing industry-standard security control frameworks.
• Coordinate and collaborate with cross-functional teams, IT teams as required to help identify and protect sensitive data.
• Perform a key role in establishing and strengthening an information security governance implementation to:
• Improve the quality and protection of sensitive data
• Respond to regulatory protection requirements 
• Become the liaison between multiple groups and stakeholders involved in the cybersecurity security program
• Ability to develop constructing working relationships and manage challenging situations 

Qualifications

• Bachelor’s Degree in computer science or job-related discipline or equivalent experience
• 5+ years of security consulting, architecture, or GRC experience
• 5+ years of security assessment/analysis
• 5 years of experience in a medium to large-sized IT Organization
• Understanding of in industry best practices (ISO, NIST, CIS, etc.) and regulatory requirements
• Understanding of threat prevention, identification, and mitigation technologies
• Understanding and working experience of the cybersecurity kill-chain
• Experience with programming skills (python or similar)