Information Security Engineer
W3R Consulting - Rochester, NY
Job Description

W2 Candidates Only. NO C2C.

Top 3 Required Skills
- 7+ years of experience in information security, particularly in security reviews and GRC compliance using a tool like Eramba or other (Eramba is preferred)
- 7+ years of experience developing and enforcing security policies and procedures
- 7+ years of working experience with the SOC 2 compliance framework

Job Description

The ideal candidate will have a strong background in information security and a CISSP certification. This role focuses on security reviews, security policy development and optimization, GRC compliance, and driving NIST compliance within our GRC platform, Eramba. This role is critical to the organization in ensuring sensitive data is private and secure.

Key Responsibilities:
- Security Measures: Design and implement security protocols to protect data, networks, and systems. Regularly test and update these protocols to ensure maximum fo
- Sec Policy Development: Develop, document, and enforce security policies and procedures. Regularly review and update policies to reflect new threats and compliance requirements. Ensure policies align to SOC 2 compliance and other industry standards.
- Vulnerability Assessments: Conduct regular assessments to identify and mitigate security weaknesses. Provide detailed reports and recommendations based on assessment findings, particularly when evaluating SaaS products and services the organization may interact with.
- Security Architecture: Design and maintain the security architecture of the organization. Collaborate with other IT teams to integrate security measures seamlessly.
- GRC Platform Management: Work within our GRC platform (Eramba) to help drive NIST compliance. Ensure all compliance activities are tracked and reported accurately, and provide guidance on best practices.
- SOC 2 Compliance: Help organizations maintain a robust security posture and ensure the protection of sensitive data.

Qualifications
- CISSP certification required.
- Good communication and written communication skills to properly and effectively communicate security risk to non-IT business partners.
- Proven experience in information security, particularly in security reviews and GRC compliance.
- Strong understanding of NIST frameworks and standards.
- Excellent analytical and problem-solving skills.
- Ability to develop and enforce security policies and procedures.
Created: 2024-10-18