Required Skills / Qualifications:
- Bachelor's degree in management information system or computer science or engineering.
- Minimum 8 years of hands-on technical information security/privacy experience.
- Minimum 5 years' experience in information technology systems and security assessments or security by design testing.
Preferred Skills / Qualifications:
- One existing certification from each of the following categories, which must be currently maintained and valid.
- General Audit Certification: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE)
- IT Audit Certification: Information Technology Infrastructure Library (ITIL), Certified Information Systems Auditor (CISA), Certified in Risk and Information System Control (CRISC), Certified in Risk Management Assurance (CRMA), Certified in Governance of Enterprise IT (CGEIT), Cisco Certified Network Associate/Professional (CCNA, CCNP)
- IT Security/Privacy Certification: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Quality Security Assessor (QSA), Payment Card Industry Professional (PCIP), Certified Ethical Hacker (CEH), Microsoft Certified Professional/Security Engineer (MCP, MCSE)
- Expert level knowledge of security principles and technologies with
- Big 4 or regulatory compliance consulting experience applying broad risk and threat assessment methodology across information technology, security, privacy and business
- Demonstrated leadership skills in identifying and analyzing regulatory, security and privacy vulnerabilities in the following:
- Finance regulatory compliance testing such as NAIC/MAR, SOX, EHNCA, ICFR.
- Information technology compliance testing such as ISO27001/2013, COSO, AICPA/SOC(I,II,III)
- Information security compliance testing such as CMS ARS, CIS, CSA
- Information privacy compliance testing such as HIPAA (45 CFR), GDPR, CCPA, NYCRR.
- GRC frameworks such as NIST (800-36), ISO (27k series), COBIT, ITIL, GAAS
- Compliance crosswalk methodologies and models such as SCF, CCF, UCF, RMF, HITRUST
- Proven leadership with multiple cross-functional teams in a deadline-driven environment
- Excellent written reporting and presentation skills
- Clean credit history as reported by credit report
- Upon offer of employment, the individual will be subject to a background check and a drug screen.
- Ability to travel approximately 25% of the time
- The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust.
Aleron companies (Acara Solutions, Aleron Shared Resources, Broadleaf Results, Lume Strategies, TalentRise, Viaduct, and Aleron's strategic partner, SDI) are Equal Employment Opportunity and Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity, sexual orientation, national origin, genetic information, sex, age, disability, veteran status, or any other legally protected basis. The Aleron companies welcome and encourage applications from diverse candidates, including people with disabilities. Accommodations are available upon request for applicants taking part in all aspects of the selection process.
Applicants for this position must be legally authorized to work in the United States. This position does not meet the employment requirements for individuals with F-1 OPT STEM work authorization status.