Principal Security Engineer

Yesterday

CDW

Security • Cybersecurity • Health Tech • Retail Tech • Small Business Tech

10,000+

💰 Post-IPO Equity on 2015-07

Description

• Work with the business to ensure global security controls are in place at the business unit level.
• Develop technical controls, a process in which control owners are informed on what evidence to provide, the frequency to provide it and validate the process is working as designed.
• Provide consulting to optimize critical controls, ensuring that the overall attack surface area can be reduced.
• Understand the unified control framework (rationalizing multiple control sets into one) and have experience in developing technical controls by business units with stakeholders.
• Identify, assess, and document security compliance controls, ensuring alignment with regulatory and organizational standards.
• Provide guidance to management and business units on control requirements, evidence gathering, and control optimization.
• Establish processes to document and provide evidence in a centralized repository of evidence.
• Provide consultative support on audits.
• Conduct control effectiveness assessments on organizational applications, infrastructure, and technologies.
• Perform control testing to assess the design and operational effectiveness of security controls, with an emphasis on compliance with applicable frameworks (e.g., NIST, ISO 27001).
• Apply a risk-based approach to control testing and compliance assessments, prioritizing based on potential impact and likelihood.
• Assess risks, design controls, and monitor performance to mitigate potential issues and help achieve operational excellence.
• Understand how to document and manage risks within business units and roll up thematic risks.
• Ensure issues management is prioritized within the business and appropriately actioned.
• Work collaboratively with the Security Risk Management team and the Business.
• Work on and prioritize multiple, concurrent projects while meeting deadlines in a fast-paced environment.

Requirements

• 10+ years of experience in security, understanding controls and implementation of controls
• 5+ years of deep control, audit / assurance experience.
• Strong background and expertise in NIST CSF, ISO27001, SOC2, PCI 4.0 / 3.2
• Familiarity with CMMI maturity model for controls rating
• Familiarity with privacy and privacy-related controls (NIST Privacy) as well as data protection (NIST 800-53)
• Strong analytical and problem-solving skills to identify and resolve complex issues related to Microsoft 365 deployments and configurations.
• Strong problem-solving and collaboration skills with demonstrated ability to explain complex technical concepts to a variety of audiences for the understanding of all involved.
• Strong communication and interpersonal skills, with the ability to clearly explain complex IT controls and compliance issues to non-technical audiences.
• Dedication to continuous improvement, security process engineering, and operational excellence.
• Certifications such as CISA (Certified Information Systems Auditor) or CRISC (Certified Risk and Information Systems Control) are nice to have.
