Information Security Specialist

The Information Security Specialist supports enterprise-wide cyber risk management and governance activities, requiring a strong foundation in information technology, internal controls, security frameworks, and cybersecurity risk management practices.

Key duties include:

• Collaborating across global teams to assess risks, recommend and implement robust security controls.
• Developing and maintaining information security policies and standards.
• Supporting regulatory compliance, remediating control gaps, and enhancing security processes through standardization and continuous improvement.

Responsibilities:

• Maintain assurance and governance activities related to organization-specific security compliance methodologies and demonstrate governance to management and key stakeholders including regulators, auditors, and boards.
• Develop and maintain security policies, procedures, and guidelines according to industry best practices and regulatory requirements.
• Conduct regular security controls testing to evaluate the effectiveness of existing security systems and procedures and recommend improvements.
• Conduct comprehensive risk assessments to identify potential risks in the organization’s IT infrastructure and oversee the lifecycle of any security risks, ensuring remediation is agreed, effective, and timely.
• Prepare regular reports on the organization’s cyber risk posture for presentation to senior management.
• Foster strong partnerships and collaborate regularly with other departments, communicating security issues, obtaining additional information as needed, and providing status of remediation to security management.
• Assist with regulatory exams by obtaining documentation, drafting responses, and helping develop security action plans.
• Stay current with the latest cybersecurity regulatory standards, trends, threats, and technologies, and provide recommendations for improvement.

Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
• 2+ years of experience in information security risk management or a similar role.
• Knowledge and expertise with security/risk governance concepts and documentation such as NIST800-53, NIST Cybersecurity Framework (CSF), ISO or equivalent.
• Experience using and administering GRC tooling.
• Proficiency with Windows and Linux, including Active Directory and EntraID.
• Strong analytical, organizational, communication, and presentation skills.
• Flexibility in work location and the ability to actively research new tasks.
• Proficiency in Microsoft Teams, Excel, PowerPoint, Word, and AI tools (Copilot, ChatGPT, and others).
• Experience with GenAI coding assistance and leveraging AI to improve processes.
• Relevant certifications such as CISSP, CRISC, CISM, or others.

We’re proud to be an equal opportunity employer and do not discriminate against any employee or applicant for employment based on any legally protected characteristic, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or veteran status. We are committed to fostering a workplace where all individuals are valued and respected.