Information Security Specialist protecting critical information assets for People Corporation. Collaborating with stakeholders to manage cyber risks and ensure compliance with industry standards.
Responsibilities
Provide expertise to business leaders and technology teams by conducting security risk assessments, identifying potential threats and vulnerabilities, and recommending appropriate compensatory measures to allow risk to be managed to acceptable levels
Collaborate with information security members to develop and align information security policies and standards with evolving business needs and industry standards (e.g. ISO 27001, NIST CSF), and ensure they remain current for all participating companies
Recommend security compliance and remediation initiatives for technology, processes, and services (a) to ensure ongoing effectiveness of the information security program, (b) to protect the business from security threats, and (c) to ensure compliance with regulatory, key business partner, and client requirements
Maintain awareness of security/privacy industry to keep abreast of best practices, trends, technologies, and regulatory requirements in information security
Ensure due care and competitive positioning on security solutions
Research best practices and define/recommend improvements to corporate security infrastructure in support of the security program
Develop and implement security strategy, plans, and budgets, ensuring alignment with business objectives and risk appetite for specific locations/companies
Complete business cases for security solutions with a keen focus on risk assessment practices
Develop and maintain an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, and data
Function as the main contact or adviser for local security as part of the Information Security leadership role and the IT business partners, as well as finance, HR, legal, and other staff as needed
Provide leadership, executive support, and strategic and tactical guidance for the cybersecurity program supporting enterprise security initiatives
Actively engage with partner firms to help a company achieve its objectives by representing the security program and by serving as the main contact for communication in the case of a security incident
Participate in company/region/unit-related meetings, conferences, and associated industry forums as part of the cybersecurity program
Act as main contact or adviser for company affiliates and partners in their pursuit of aligning to the cyber program and governance structures
Understand the processes, identify and evaluate controls and risks, and suggest controls and risk management strategies so that the company complies with Information Security Policies and Standards
Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units
Identify, document, and address threats and vulnerabilities that may impact the business
Requirements
10+ years’ cybersecurity experience (or information technology infrastructure experience coupled with cybersecurity), with 5+ years in an operationally focused security practitioner role
Familiar with the cybersecurity acquisition due diligence process to assess the target firm’s status regarding regulatory compliance, security policies, and third-party risk
At least 3 years’ experience working with business leadership and enterprise projects
Familiarity with, and hands-on experience in, IT infrastructure and security technologies (e.g., Firewalls, IPS/IDS, WAF, VPN, SIEM, MXDR, EDR, CASB, SSO, MFA, DLP)
Experience in Cloud Security Operations for environments such as Azure, M365, GCP or AWS
Completion of post-secondary education in Information Technology, Business Administration, Computer Science, or a combination of equivalent disciplines
A current senior professional certification relevant to cybersecurity, or risk management, such as: CISSP, CISM, CRISC, CISA
Other beneficial industry certifications or training include GSEC, CCSP, CySA+ or ITIL
Knowledge of various security best practices, security principles, standards, and frameworks (e.g. CIS, ISO 27001, NIST, OWASP)
Benefits
Learn by working alongside our experts
Extended health care and dental benefits
A retirement savings plan with company contributions
A suite of Health & Wellness offerings
Mental Health programs and support for you and your family
Assistance for the completion of industry designations