Adva IT Services, Inc..
Location
Memphis, TN | United States
Job description
Responsibilities:
Security Framework Development and Execution:
Develop and implement a comprehensive security framework to address and manage cybersecurity risks.
Develop and execute comprehensive security audit plans to assess the effectiveness of information security controls.
Monitor security safeguards to ensure effectiveness and appropriate risk mitigation.
Conduct regular audits of IT systems, networks, and applications to identify vulnerabilities and areas for improvement.
Understanding operational needs of systems and varied stages of the SDLC through participating in SW acquisition meetings and concept of operations.
Design and develop security requirements that drive down risk while maintaining operational capability.
Working between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level.
Select and tailor controls from the NIST SP 800-53 control catalog in view of system needs and constraints.
Review system and network artifacts and conduct assessments against selected control baselines, assessing residual risk and providing recommendations to the Authorizing Official.
Evaluate software and hardware prior to entry to networks.
Regulatory Compliance:
Ensure the company's adherence to relevant cybersecurity regulations, industry standards, and best practices.
Stay current on evolving cybersecurity threats and compliance requirements, adjusting security and compliance.
Risk Assessment and Mitigation:
Perform information security risk assessments to identify potential security threats and vulnerabilities.
Collaborate with IT teams to develop and implement mitigation strategies to address identified risks.
Collaborate on cyber privacy requirements with organizational stakeholders
Incident Response and Forensics:
Assist in the development and execution of incident response plans in the event of a security incident.
Manage corrective measures in a cybersecurity incident and coordinate digital forensics investigations to identify the root causes of security incidents and recommend preventive measures.
Security Awareness Training:
Develop and deliver security awareness training programs for employees, enhancing the organization's overall cybersecurity posture.
Collaborate with internal stakeholders to promote a culture of cybersecurity awareness and compliance.
Security Policy Development and Documentation:
Contribute to developing and documenting information security policies, procedures, and guidelines.
Oversee implementation strategy and ensure that security policies align with industry standards and are effectively communicated across the organization.
Collaboration and Reporting:
Collaborate with IT teams, external auditors, and regulatory authorities during audits and assessments.
Prepare and present comprehensive audit reports to management, detailing findings, recommendations, and remediation plans.
Continuous Improvement:
Proactively identify opportunities for enhancing the company's overall cybersecurity posture.
Work with IT teams to implement improvements based on audit findings and industry best practices.
Promote awareness of security risks among leadership and ensure alignment of the cybersecurity program with the organization's goals and strategy.
Qualifications:
Bachelor's degree in Computer Science, Information Technology, or a related field preferred or extensive experience in lieu of degree.
Proven experience in cybersecurity, with a focus on security framework implementation and assessments.
Strong knowledge of cybersecurity frameworks, standards, and regulations.
Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CISA or equivalent
Excellent communication and interpersonal skills.
Knowledge of manufacturing automation and operational technology.
Report this jobJob tags
Salary
