Info Security Gov & Risk Specialist at Axelon Services Corporation
Charlotte, NC
About the Job
Job Title: Info Security Gov & Risk Specialist (Hybrid)
Location: Frisco, Charlotte, Denver, or Iselin
Job Overview:
Location: Frisco, Charlotte, Denver, or Iselin
Job Overview:
- Defines, enhances, and implements information security configuration controls, while ensuring consistent and effective information security administration procedures and processes.
Key Responsibilities and Duties:
- Review industry configuration safeguards and monitor compliance for infrastructure assets: databases, workstations, network, middleware, servers, cloud services, and mobile
- Partners with multiple business stakeholders to drive work and monitor through completion
- Analyze internal information security controls and convert control criteria and their severity into functional compliance scanning results
- Create and support program governance documentation such as standard operating procedures, control assessments and training materials
- Monitor industry security updates, technologies and best practices to improve security management
- Generate metrics and reports in assigned functional business area to inform decisions on tactical issues that impact the business
- Perform QA/QC activities to drive configuration management program maturity
- Support remediation efforts through gap identification and action plan creation to operationalize scan results
- Participates in various tool testing and validation efforts for on-prem and cloud scanning
Required Qualifications:
- Bachelor s degree in IT or Cybersecurity
- Experience with developing, customizing, reviewing and updating a wide range of enterprise security configuration baselines, with input from subject matter experts
- Experience interpreting and applying CIS Benchmarks, DISA STIGs, SRGs, and has an awareness of the National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)
- 1 year of direct experience working with teams in an agile and horizontal environment
- Experience with remediation activities within Cybersecurity
- Ability to translate the low-level security baseline requirements into security baselines
- Ability to work independently to anticipate needs, support a changing landscape and willingness to act with minimal supervision
Preferred Qualifications:
- Knowledge and understanding of technology operations/processes, as well as experience with evaluating technology-related risks and controls
- Experience in working with the NIST 800 Special Publication series and providing guidance for risk management and security control implementation, including 800-53 and others.
- Experience with one or more of the following technologies: Networking (including CISCO or Palo Alto); Operating Systems (including Windows Server, RedHat, or Linux); Cloud Services (including GCP, AWS, and Azure)
- Ability to apply a technical skill set to research and document industry knowledge and best practices with established or newly released applicable security controls
- Written and verbal communication skills: articulate and effective communicator and presenter, able to describe complex problems in both technical and business terms
- Demonstrated experience learning new technologies
- Experience with an Agile methodology
- Knowledge of ServiceNow and Archer