Information Security Engineer

Risk Strategies is a top national specialty insurance brokerage and risk management firm assisting organizations and individuals to simplify the process of protecting assets, offering benefits and minimizing liability. With over 100 offices and 3,300 employees across the US & Canada, we thrive on our passion to be ranked a Best Places to Work since 2018 by our most important asset, our employees. For 2020, Risk Strategies was named 6th Fastest Growing Firm, 12th Largest Personal Lines Broker, 11th largest privately-held P&C Broker and the 16th largest US Broker by Insurance Journal.

The selected candidate will be participating in the implementation the systems infrastructure for a ISO 27XXX cyber security governance offering and in the execution of cyber security support services across a variety of insurance delivery business units involving Information Technologies (IT) and 3rd party account management systems that may include privacy data including PII, PCI and HIPPA.

This individual should be a motivated self-starter and have a strong foundation and understanding in state-of-the-art cyber security architectures, hardware, and software implementations for large organization's using either enterprise based and/or cloud based environments. The ideal candidate should be a strong team player with excellent communication skills, both written and oral, be willing to learn and execute on any client requests, and have the ability to interact with all levels of customer staff from the executive level down to highly technical analysts in structured and unstructured situations

Primary Responsibilities and Duties:

• Lead and/or participate in the development of new and innovative cybersecurity related professional services solutions for a large commercial enterprise.
• Lead and/or participate in remote business units to identify cyber security gaps in enterprise IT network and systems designs or implementations and recommend mitigation strategies plans to address the identified gaps. Business units maybe part of corporate structure or independent.
• Lead and/or participate in the planning, design, and implementation of cyber security controls in IT organizations in accordance with applicable standards and guidelines.
• Develop policies & procedures recommendations as required for the implementation of IT cyber and systems cyber security and compliance controls.
• Develop content-rich final reports and associated deliverables with results of subject matter expert analyses and improvement recommendations
• Present the results of findings, analyses, and recommendations to corporate stakeholders to include senior or executive leadership
• Direct and oversee 3rd party managed Security Operations Centers. Coordinate security event triage and guide efforts across multiple business units.
• Maintain a broad knowledge of current and emerging state-of-the-art IT cyber systems technologies, architectures, and products.
• Maintain a working knowledge of applicable cyber security standards and guidelines. Position requires (20% - 50%) travel within the United States, with the potential for international travel

Requirements

• Bachelor's degree from an accredited college in a related discipline or equivalent experience/combined education, with 2-3 years of professional IT experience
• Experience with cyber security processes, tools, and technologies and extensive knowledge of best practices regarding their implementation in insurance IT environments
• Knowledge of industry best cyber security practices and standards to include but not limited to the following; ISO 2700x, IEC/ISA 62443, NIST Core Security Framework
• Knowledge and understanding of cyber security attack surfaces and vectors, method types and their usage in targeted attacks such as phishing, malware implantation, perimeter vulnerabilities, application vulnerabilities, lateral movement, etc.
• Experience with Cloud based IT implementations and the related cyber best practices
• Experience with Microsoft based infrastructure and the related cyber best practices
• Cyber security certifications recommended