nCino offers exciting career opportunities for individuals who want to join the worldwide leader in cloud banking.
Under the general direction of the CISO, the Principal Information Security Engineer is responsible for leading, administering, and improving the information security program for the company. The purposes of this program are: to assure that information created, acquired, or maintained by the company, and its authorized users, is used in accordance with its intent and purpose; to protect company information and its infrastructure from external or internal threats; and to assure that the company complies with statutory and regulatory requirements regarding information access, security, and privacy. The applicant will be directly responsible for improvements to programs and should be able to work as an individual contributor as well as a team member.
- Balance compliance and information security needs with the organization's strategic business plan, identify risk factors, and determine solutions to both
- Develop, oversee, and conduct security risk and business impact assessments
- Develop and execute against internal audit plans related to information security and compliance
- Oversee and assist with external audits related to information security and compliance
- Develop, oversee, and conduct network, cloud, and application assessments
- Develop appropriate risk treatment and mitigation plans to address security risks identified during security review or audit
- Create, document, and assist in implementing controls related to information security and compliance to further improve the program
- Develop, initiate, maintain, and revise policies and procedures for the general operation of the information security and compliance program and its related activities to prevent illegal, unethical, or improper conduct.
- Manage and execute day-to-day operation of the program.
- Ensure that company policies support compliance with external requirements
- Build security awareness training courses and assist in presentation of related training
- Serve as lead engineer for assigned security programs, incident response processes and/or security operations
- Keep abreast of latest information security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to the company and its mission
- Oversee, improve, and assist with the third-party risk management program
- Act as information security and compliance Subject Matter Expert (SME) and assist sales teams with requirements around vendor due diligence, information security and compliance
- Administer GRC tools and create GRC reports and dashboards
- Bachelor's Degree required; Advanced Degree preferred
- 7-10 years in an audit, risk management, compliance, or information security role
- Experience in developing and administering audit, information security or compliance programs desirable
- A Principal Information Security Specialist requires a unique skill set to ensure a company's operations fully comply with regulations and procedures. It is critical that a Principal Information Security Specialist possesses high ethical standards and honesty as he/she is responsible for ensuring a company adheres to required regulations
- Principal Information Security Specialists are continually reviewing the work of others; therefore, it is essential they have polished people skills and work well with colleagues
- Principal Information Security Specialists need to be reliable, showing commitment and unity in relation to a company's regulations and procedures; it is crucial they demonstrate this to colleagues, leading by example
- Principal Information Security Specialists must have strong attention to detail; they need the ability to notice actions that may result in a liability
- Candidates who hold or are actively pursuing related professional certifications such as CISSP, CISM, CISA or CompTIA Security+ are preferred
- Experience in cloud technologies, and/or actively pursuing cloud certifications
- Expert knowledge of IT security technologies, techniques and best practices that cover all levels of IT architecture, including those that affect business processes, data applications and network and systems infrastructure and their effects on a diverse computing environment.
- Experience leading System Administration, Network Security, Problem Solving, Information Security Policies, Informing Others, Process Improvement, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches.
- Knowledge of business continuity planning, auditing, and risk management.
- Extensive experience in TCP/IP networking, intrusion detection systems, firewalls, virtual private networks, access controls, encryption techniques, IT security solution deployment strategies and management and vulnerability assessments.
- Knowledge of Cloud technologies and cloud security concepts
- Ability to work with a broad range of constituencies.
- ID: #43552392
- State: North Carolina Wilmington 28401 Wilmington USA
- City: Wilmington
- Salary: USD TBD TBD
- Job type: Permanent
- Showed: 2022-06-23
- Deadline: 2022-08-21
- Category: Et cetera