Our client is a large financial services company involved in global initiatives and is currently undertaking a large transformation from a decentralized organization to a strong centralized organization model that is common in large banks and financial institutions.
They are currently looking for a seasoned IT Security Technical Lead with significant Security Baselines implementation initiative experience.
Location: Detroit, Michigan. The client will provide assistance with immigration and some relocation, and successful candidates may also choose to live in Windsor, Canada and commute to Detroit.
Compensation: $100-110K US + bonus. The client may start successful candidates on a contract-to-hire arrangement.
The Security Baselines (SB) Implementation Technical Lead is the primary Information Security technical leader providing guidance and technical support services to the organization's Security Baselines Implementation project. This person has a key technical responsibility in ensuring the success of this project to:
Deploy detailed security standards (a.k.a. system hardening or baselines) to the enterprise servers and networking systems.
Assist in the selection and implementation of a new Governance, Risk and Compliance (GRC) tool which tracks, manages and reports on GRC compliance posture.
Provide technical consulting and assistance in the remediation of compliance and security gaps found in the enterprise systems.
As the SB Technical Lead, the primary role’s scope will include thought leadership and expertise in the Governance, Risk and Compliance (GRC) security space, providing this expertise toward the successful implementation of the project technical solution(s). This includes not only GRC industry knowledge, but knowledge of industry GRC tools and their technical capabilities. This person will be technically astute in security standards and server/system hardening providing direct assistance to IT and system owner groups in the technical remediation of discovered compliance and security gaps.
The SB Technical Leader’s role will include accountability for designing a complex GRC solution which is tightly integrated with vulnerability and compliance scanning and SIEM tool sets. The leader will direct and support the associated pilot/prototype efforts, providing guidance and engineering leadership toward project implementation and integration into the corporate environment.
Additional plusses would include corporate knowledge of existing GRC and vulnerability tools.
The role will interface with Information Security, Security Architecture, Infrastructure groups, and business stakeholder teams to understand their high level security and functional requirements, and guide the solution provider toward a successful business solution and implementation.
As the technical leader, this person will be able to perform the following key responsibilities:
** Extensive experience providing IT Security Baselines Implementation and Governance, Risk & Compliance Solutions to or for Banking, Financial Services or other high transaction environments.
** Significant Technical Management with operational responsibility experience.
Map the functional and technical needs of the organization to a real-world set of tools and processes, to meet the business needs.
Deploy a set of security standards to the enterprise systems, applications, databases and network equipment.
Guide the overall design and implementation of a functional GRC tool, factoring in legacy tools and processes and assisting in developing the future-state solution that meets corporate requirements.
Work with the selected tool vendors to design, configure, test, integrate, and deploy a GRC solution.
Lead technical decisions related to GRC tool functionality and selection.
Understand the integration of GRC tools with vulnerability and compliance tools.
Assist the solution vendor in the development and validation of architectural and detailed solution designs, and support this before the architecture review council and other governance reviews.
Assist the solution vendor in all aspects of their solution development, ensuring that the developed solution integrates with other tightly coupled projects (i.e., security scanning tools).
Assist in modeling the steady-state organizational structure that will support the tool(s) post-implementation.
Effectively communicate the GRC solution design ideas, issues, best practices, etc. with the SB project and operations teams to ensure they understand and support the design, development, and delivery of SB solutions in critical production and general support systems.
Lead the technical GRC gap analysis and remediation of thousands of infrastructure devices, including servers, applications, databases and network equipment.
The person will demonstrate expertise in GRC tool functionality including workflow, reporting, remediation, etc. The person will provide and accept peer knowledge transfer with other engineers and client security resources, and act as a security engineer by building and institutionalizing engineering principles, practices, and methods in all task activities.