Information Security Engineer

Connexion Systems & Engineering
Washington, DC
20 Feb 2025

Vacancy expired!

Information Security Engineer (PERM)

Location: Boston, Hartford, New York, Orange County, Providence, Washington, DC (Hybrid)

Salary: $140-145K

Reports To: Director of IT (Who sits in Boston)

JOB SUMMARY:As Information Security Engineer (ISE), reporting to the Director of Information Technology and working closely with the Chief Information Officer, this position will be responsible for the administration, implementation, and oversight of the Firm’s Information Security Management Systems (ISMS) to effectively safeguard all data stored on premises and in the cloud. They will be responsible for ongoing development and improvement of an extensive security strategy for the Firm. The security professional will suggest tools and techniques to achieve security goals and to record the process related to gathering and maturing Threat Intelligence. The Information Security Engineer will work in collaboration with the Network team to offer support for security tools and technologies such as firewall, proxy server, remote access, and others. The professional must document the configurations and network designs to help in the effective execution of the strategic security plan. They will research and investigate the potential impact of new threats and exploits to improve detection and response capabilities. This person will work closely with senior IT management on information security-centric initiatives related to compliance, risk management, and data privacy and protection strategies for the organization, in alignment with relevant laws, regulations, and industry standards. The ISE will participate in select solution-provider/vendor selection processes and contract security compliance reviews and work with business owners to provide information security and compliance oversight of onboarded vendors. Additionally, this role will coordinate security related responses to prospective client requests for proposals (RFPs), as well as audits for existing clients.

ESSENTIAL FUNCTIONS:
  • Participates in the development, risk assessment, communications, status reporting, vendor management, and oversees the execution of, enterprise-wide information security, compliance, risk, and privacy strategies.
  • Administers and monitors security platforms Firm-wide and liaises with Managed Security Services provider to coordinate response to security events and vulnerability assessments.
  • Serves as an expert advisor to senior management in the development, implementation, and maintenance of information systems to ensure that best practice control objectives are achieved in protecting information assets.
  • Works with the IT team and business process owners to ensure MSAs and SOWs (Statement of Work) comply with Brown Rudnick information security compliance requirements
  • Owns updating and revision of Information Security policies and SOPs; works with CIO and Data Protection Committee to ensure policies meet business requirements and align with US federal, state, EU (European Union), and additional global obligations.
  • Assesses existing IT policies, guidelines, procedures and standards to discover security related gaps and create or align firm documentation, as necessary.
  • Manages vendor engagements for IT Risk Assessments to identify, assess, and remediate threats internally and with 3rd party vendors.
  • Collaborates on the development or selection of regular Information Security and Compliance training to all employees and assists in delivery and auditing of compliance training.
  • With the CIO and Director of IT, participates in and helps direct the Firm’s incident response efforts when system compromise or information loss is suspected, in an effort to minimize any negative impact.
  • Participates in and provides project management for security and compliance certification and re-certification processes, including the scheduling of internal audits to ensure regulatory compliance and company readiness. Works with auditors and IT teams to coordinate collection of evidence required to support IT controls.
  • Drives security assessments for vendors and technology.
  • Supports the ongoing administration, design and use of network segmentation tools and underlying concepts.
  • Supports development of testing and evaluation plans, including cyber test activities.
  • Provides technical expertise to support vendor and project reviews.
  • Works with third party vendors to plan for and execute penetration testing.
  • Ensures that security controls are integrated into new systems and applications.
  • Assists with other projects and initiatives at the direction of the department and firm.

QUALIFICATIONS:
  • Bachelor’s degree in computer science, Information Security, Information Technology or related field.
  • Professional certifications (e.g., CIPP/USA and CISSP).
  • Minimum of four (4) years of work experience in the field of information security and compliance, or equivalent combination of education and work experience.
  • Strong IT Governance, Risk and Compliance experience with knowledge of local and international privacy laws.
  • Proven experience providing project management for security and compliance-related initiatives in a team-oriented workplace preferred.
  • Ability to manage relationships.
  • Experience working with a variety of automation tools, firewall systems, and other technologies used in cybersecurity.
  • Able to fix complications with SSL and SSH.
  • Sound professionalism with incident response.
  • Exceptional oral and written communication skills and the ability to articulate highly technical information for real world business impact at a senior management level.
  • Strong time management, prioritization, problem-solving, and organizational skills, and the ability to work effectively in a high-pressure environment.
  • Strong interpersonal skills and ability to work effectively with diverse levels of constituencies.
  • Flexibility and capacity to respond calmly, efficiently, and effectively in stressful situations.
  • Able to meet set deadlines and work effectively under pressure.
  • Ability to maintain confidentiality of matters and other firm business information.
  • Experience reviewing vendor contracts to ensure appropriate security measures are in place and appropriate compliance language included as it applies in jurisdictions where company is subject to regulatory compliance.
  • ID: #49314977
  • State: District of Columbia Washington 00000 Washington USA
  • City: Washington
  • Salary: $140,000 - $145,000
  • Job type: Permanent
  • Showed: 2023-02-20
  • Deadline: 2023-04-18
  • Category: Et cetera