Sr. Information Security Engineer

Job DescriptionJob Description

• Develop solutions using tools and technology to support GRC work, project, and initiatives.
• Act as system administrator for certain security or GRC tools such as phishing and training platform, Data Loss Prevention (DLP) solution, Third Party Risk Management (TPRM) platform, GRC tools, risk register, and repository for GRC artifacts.
• Integrate GRC related tools with other systems as needed.
• Engage with security vendors on design sessions, and help configure GRC solutions for use.
• Work with IT partners in Application Security, Security Engineering and Operations, Enterprise Applications, Desktop Support, Help Desk, Networking and Infrastructure Operations to get data and information needed to support GRC work.
• Work with GRC team and IT partners to extrapolate SIEM related data from source system logs such as security, application, system, and network logs to assess risks and help the GRC team determine compliance.
• Work with GRC team and IT partners to bridge technology between GRC goals and cybersecurity / technology solutions such as IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPD, XDR, MDM, SIEM, etc.
• Support GRC team data analysis and metrics by pulling data from source systems.
• Stay current with threat intelligence and make recommendation for GRC improvements.
• Participate in security incidents as needed.
• Support security assessment requests for customers, HITRUST, SOC 2, etc. by pulling appropriate data as needed.
• Work with IT partners to integrate GRC value-add into their secured software development life cycle, software engineering, infrastructure, network, and operation needs.
• Maximize the utilization of GRC and IT / Security tools and technology.
• Assist with the development of GRC policies and procedures.
• Stay current with changes in GRC, information security and cybersecurity regulations, industry frameworks, and best practices, and apply it to existing NextGen GRC solutions.
• Use security engineering skills to help streamline or automate NextGen methodology for maintaining accreditations or certifications (e.g., SOC 2, HITRUST, etc.).
• Use security engineering skills to help streamline or automate NextGen methodology for responding to customer security assessments or questionnaires.
• Perform other duties that support the overall objective of the position.

Education Required:

• Bachelor's Degree in Computer Science or related discipline or advanced degree.
• Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

• 4-6 years of relevant experience.
• Security engineering experience, including implementing information security or cybersecurity solutions.
• Experience in working with security technology, tools, or processes such as phishing campaigns, vulnerability scans, IRPs, playbooks, IAM, PAM, MFA, RBAC, SSO, DLP, IDS/IPD, XDR, MDM, SIEM, threat hunting, etc.
• Experience with one or more of the following frameworks: COSO, NIST CSF, RMF, ISO, COBIT.
• Experience working in an environment with one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Security Operation Center (SOC), Payment Card Industry (PCI), GRC
• Experience working with IT partners and adequate exposure to their areas such as SSDLC, software engineering, infrastructure, networking, service desk, desktop support, security operations, etc. This includes experience or sufficient exposure and familiarity with the tools they use.

License/Certification Required:

• Information security or cybersecurity related certifications such as CISA, CISSP, CISM, CRISC, CEH, GIAC (GCFA), or ability to acquire certification within 18 months.
• HITRUST Framework and CSF certification knowledge. Governance, Risk and Compliance tools.