Lead Security Engineer - Risk [T500-10032]
Location
Bangalore | India
Job description
Responsibilities:
- Perform end-to-end risk assessments across a broad range of Cyber, IT, and operational functions.
- Document controls, including the control description, process steps and testing criteria.
- Train and educate IT partners on IT risk, controls, and control effectiveness testing.
- Periodically test control effectiveness, working with IT partners to close gaps in control effectiveness.
- Conduct vendor risk management activities including, but not limited to, third-party risk assessments, gap analysis, contract review, and vendor breach and termination activities, and partner with internal stakeholders to monitor vendors.
- Perform data analytics and create meaningful reports to effectively communicate outcomes from vendor management activities and relate security, compliance, and/or governance-related concepts and controls to a variety of audiences, including non-technical audiences.
- Identify and communicate findings of non-compliance with Delta's Information Security Standards and track them to remediation or to an acceptable level of risk.
- Perform any other job-related instructions, as requested, with reasonable accommodation.
What you need to succeed (minimum qualifications):
- 7 or more years of experience with information technology security programs, IT audits, controls and/or third-party risk management
- Solid knowledge of risk and security frameworks such as NIST/ISO/COSO and their practical application in a working environment.
- Ability to identify and assess IT security controls against Delta policies and standards and Federal/State Regulatory requirements and identify and communicate gaps
- Exceptional written and verbal communication skills
- Advanced computer skills including Microsoft Office suite and other business-related software programs
- Ability to effectively manage time and productivity with competing priorities in a rapidly changing, fast-paced, interactive, results-based team environment
- Proven analytical / problem solving skills and ability to work with cross-functional teams
- High School diploma, GED or High School Equivalency.
- Embraces diverse people, thinking and styles.
- Consistently makes safety and security, of self and others, the priority.
What will give you a competitive edge (preferred qualifications):
- Bachelor's Degree or 7 plus years of relevant experience in Computer Science, Mathematics, Engineering, Information Systems, Management Information Systems or Information Security
- Key industry certifications such as CISA, CISM, CISSP, CRISC, etc.
- Experience with AWS or Azure.
- Familiarity with third party information security attestations/certifications such as SOC I/II reports, ISO, PCI-DSS, SOX.
- Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments
- Experience validating across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics
- Experience validating across IT domains such as application development, infrastructure, technical support and operations, cloud technologies and/or continuity of business