Speedeon is looking for a risk-informed analyst to join our team to design, implement, analyze and optimize the standards, policies, and procedures related to our information security. This individual is expected to bring a developed knowledge of Information Security and Cybersecurity standards and certifications, including how to adjust the controls and frameworks in support of Speedeon Business and Strategic Goals.
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
- Map Speedeon security, risk, and regulatory requirements across the information security framework to identify overlapping requirements and efficiencies.
- Track enterprise compliance across multiple security frameworks including SOC 2, NIST and ISO and maintain up-to-date records of requirements and corresponding mitigating controls.
- Manage relationships and engagements with Information Security partners
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Lead project for achieving SOC 2 certification
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Participate in the development of security and privacy awareness training
- Support the design and implementation of a cloud security services strategy for monitoring the IaaS, PaaS, and SaaS solutions across the Azure environment
- Mentor development team staff on security best practices
- Collaborate with and act as backup to CTO and Cloud Infrastructure Engineer
Desired Skills & Experience:
- Bachelor’s degree in computer science, with IT audit or compliance experience
- Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired
- Minimum three (3) years’ experience conducting security control assessments or audits
- SOC-2 audit and/or certification experience highly desired
- At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISSAP) highly desired
- Networking experience and an understanding of network protocols (DNS, SMTP, SNMP, SSH, SFTP) and load balancing
- Experience with computer network penetration testing and techniques.
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
- Knowledge of Fortinet firewall, a plus
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.
- Ability to document in-depth information regarding system security baselines, configurations, deviations, and justifications for security recommendations
- Exceedingly organized and process driven
- Excellent interpersonal, written, and verbal communication skills
- Excellent analytical and decision-making abilities
- Able to build strong partnerships with business partners and the project teams
- Takes responsibility for delivering superior value and client service
- Works well with people who have diverse abilities, experiences, and perspectives
- Influences others without direct authority
- High level of attention to detail; a self-starter with the ability to work independently, multitask, and adjust to shifting priorities
- Approaches opportunities and issues with an optimistic, action-oriented, and solution-based mindset
- Good writing skills to maintain security documentation and manuals
- Able to manage multiple simultaneous projects
Health Benefits:
- 100% Employer Paid Individual Health Coverage
- 50% Employer Coverage of Family Health Coverage
- 50% Employer Paid Dental Coverage
- Vision Insurance
- Company Funded Employee Assistance Program
- Company Funded Life Insurance Program
- Company Funded Short-Term Disability Insurance
- Company Funded Long-Term Disability Insurance
- Generous PTO and Sick Time Policies
- Flexible Work Scheduling
- Summer Hours
- 401k with Generous Company Match
- Company Paid Volunteer Hours
- Remote Work Options
- Health Savings Account Contribution
Submit your resume to: email@example.com