Align Technology

Information Security Engineer

Posted On: 10-Mon-2021
Closing On: 11-Mon-2021

Job Description:

About this opportunity

This role will report directly to the Sr. Manager, Technology Governance & Compliance, and will be responsible for supporting global enterprise-wide initiatives within the Information Security team under the Technology Governance, Risk and Compliance department. These initiatives include building and maintaining Document Governance and Security Awareness programs.

 

In this role, you will…

Technology Governance Program Management: 

  • Support efforts to formalize the technology governance programs to ensure compliance with SOX, SOC2, PCI, HIPAA, FDA, GDPR, Cybersecurity, data privacy laws, and other legal and regulatory requirements as necessary.
  • Exemplify project management skills through project tracking, status updates and reporting metrics.

Technology Governance Subject Matter Expert: 

  • Demonstrate a high degree of proficiency in security governance. Serve as the technology governance subject matter expert for SOX, PCI, HIPAA, and GDPR.
  • Provide security governance and compliance consulting, maintain an in-depth knowledge about governance requirements, implement automation efforts that streamline governance procedures and perform information security training.
  • Demonstrate knowledge and understanding of relevant legal and regulatory requirements. 

Document Governance:

  • Govern enterprise-wide document control for technology policies, procedures and guidelines, in alignment with the ISO13485 standard.
  • Conduct an enterprise-wide policy, procedure and guideline review to plan migration, control mapping and standardization.
  • Provide templates and guidance for document updates. Map documentation to technology controls, including implementing new technology policy management software.

Security Awareness:

  • Lead the Security Awareness Training Program, including annual enterprise-wide training on the Acceptable Use and Information Classification & Handling policies, phishing campaigns, Quarterly Newsletters, Intranet site management, and tracking training enrollment/completion. Become proficient in software to support the phishing program.
  • Lead the Business Security Champion program and the Phishing Governance Council, ensuring information security knowledge is embedded in the business.

Technology Risk & Control: 

  • Support implementing a framework which defines technology processes, risks and controls in alignment with regulations or industry frameworks such as ISO and NIST control requirements, with clear mappings to policies, procedures and guidelines.
  • Participate in the implementation of a solution to assist with the management of technology governance and compliance programs.

In this role, you’ll need …

  • Bachelor’s degree or relevant equivalent work experience
  • 5+ years’ experience in Information Security, Policy Management, Security Awareness, Security Compliance Audit and/or Risk Management
  • Demonstrated knowledge in applying frameworks such as ISO, NIST, and/or SOC control requirements
  • Professional certification such as CISSP, CISA, CRISC, CIPP, CPA, CompTIA Security, ISACA CSX Cybersecurity Fundamentals Certificate, GIAC Information Security Fundamentals (GISF) and/or (ISC)2 Systems Security Certified Practitioner (SSCP)
  • Experience across multiple global geographies is preferred
  • Experience in driving adoption and/or awareness of new programs is preferred
  • Strong interpersonal communication skills with an ability to build relationships and work across multi-functional organizations. 
  • Natural ability to speak, present and write effectively at all organizational levels.  
  • The ability to perform in high-pressure situations while developing sound implementation approaches that solve the business problem or suit the environment they support.
  • Dependability: Meets commitments, works independently, accepts accountability, handles change, sets personal standards, stays focused under pressure. Detail-oriented, accurate, organized and productive.
  • Initiative: Tackles problems and takes independent action, seeks out new responsibilities, acts on opportunities, generates new ideas, practices self-development.
  • Ability to travel 10%, with some international travel required.

Preferred Skills:
