Information Security Engineer
Yondr Group · Dallas, TX · 2 wk ago
Information TechnologyFull-time
Main Responsibilities
- Drive the evolution of the company’s Information Security standards to maintain best practice and alignment with corporate policies and regulatory requirements
- Be hands on in managing and maturing our security technology and processes
- Investigate and respond to information and cybersecurity incidents
- Provide consultation and/or education as needed and drive the adoption of security as a value add/best practice
- Work in partnership with stakeholders, to ensure all projects, changes, IT standards and procedures are compliant with Information Security Standards and Policies
- Manage (third party) penetration testing and facilitate any subsequent remediation activities
- Act as a subject matter expert on matters of Information security relating to Yondr
- Conduct 3rd party risk assessments to ensure suppliers are aligned with our security standards and fall within our risk tolerances
- Manage phishing platform, training and related reporting
- Provide guidance and subject matter expertise on processes, controls, and objectives around audit and information security activities, best practices, and process improvements
- Conduct vulnerability assessments, risk analyses, and remediation tracking to drive the attack surface management program
- Conduct Identity and Access Management entitlement reviews of key platforms and applications
- Engage in audits, compliance assessments, and regulatory security requirements
- Maintain documentation related to security processes, incidents, and compliance requirements
Qualifications and experience
- Experience with regulatory and compliance standards; ISO27001, SOC2, PCI DSS
- 5+ years experience working as an information security professional within a medium to large sized global organisation
- Proven experience implementing, maintaining and leading an effective information security control assurance programme
- Strong stakeholder management and communication skills, including technical members of staff and senior non-technical business leaders
- Applied working knowledge of networking principles and the OSI model to evaluate control effectiveness and support investigation of network-based security incidents
- Background in working with international organizations that provide 24x7x365 operations
- Must understand OT, Network and Zero-trust architecture
- Understanding of email security tools, vulnerability management, penetration testing and remediation
- Strong analytical, troubleshooting, and problem-solving skills
- Information Security, alongside significant knowledge and experience of Cyber security
- Working knowledge of Microsoft Sentinel, Qualys, Microsoft Defender, Knowbe4 are essential
- Exposure to Microsoft Purview, MDR services, UBA and IT/OT network environment are desirable
- Excellent verbal and written communication skills
- Ability to manage multiple priorities and work independently or within a team environment
- Relevant certifications preferred, such as:
- CISSP
- Security+
- CISA
- CEH
- GSEC
- Microsoft Certifications