Cyber Security Assurance Engineer

Orion Group
12 Aug 2019
12 Sep 2019
James Slaymaker
Oil and Gas
Contract Type: Full Time

The Security Risk and Compliance Analyst provides technical direction for the risk management and compliance functions within the Information Security team. This person will conduct activities ranging from policy, auditing, and risk analysis to overall risk mitigation. This individual will also build, develop, and maintain relationships with our internal stakeholders and external vendors to help mature and enhance our enterprise-wide compliance with security.

You will support security risk assessments and the implementation and operation of security technologies and software tools, especially in the area of data loss prevention and/or identity and access management. The successful candidate will also help to develop operational processes for identity or data loss lifecycle management and document assessment results.

Responsible for all activities within the security compliance and risk management lifecycle. These activities include: risk analysis, auditing, mitigation, governance & policy.

Develop, update, and monitor compliance with information security policies designed to ensure the confidentiality, integrity, and availability of systems and data.

Manage periodic independent security audits, i.e. ISO 27001, ISO 9001, SSAE 18

Manage internal and client information security audits

Technical risk and compliance assessment support

Support design and implementation of data loss and / or identity management systems

Support operational activities, e.g. operational review and analysis of access requests and/or data leakages to ensure compliance

Oversee periodic penetration tests and triage remediation for vulnerabilities identified

Lead efforts in developing and improving processes, procedures, and documentation for all aspects of security

Work closely with key process owners to implement the agreed remediation actions

Identify gaps in business processes and recommend improvements

Lead workshops with Process and Control Owners

Perform control testing and agree results with control owners

Oversee Security Service projects to ensure products are developed in compliance with security standards and practices

Experience: 5+ years of IT administration and Security engineering experience

Relevant security knowledge and experience in two or more of the following areas: Audit, compliance, risk management & GRC tools

Firm understanding of networking basics, including TCP/IP, FW, Domains, Active Directory Management

Windows System administration

Working knowledge of at least one scripting language (Python and Shell preferred)

Good understanding of security concepts, such as system hardening and vulnerability management and remediation

Experience maintaining critical and high visibility services for stakeholders

Policy configuration and implementation for networking and endpoint security controls

Demonstrated experience helping an organization successfully complete independent compliance audits under SOX, etc.

Well-versed in recognized security industry standards and leading practices, i.e. ISO, PCI, NIST, CIS, FedRAMP

Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)

Bachelor's degree in Computer Science or Information Technology

CISSP or security-related certification is preferred

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel that reflects the diversity and values of our client base but also that of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, and age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.
