• Schedule and execute recurring IT controls for all enterprise systems.
• Help to manage all remediations related to IT security controls execution.
• Help document and refine policies and procedures within our information security management system.
• Coordinate 3rd party security audits.
• Coordinate 3rd party pen testing services.
• Participate in the development of policies and procedures required for ISO-27001 certification and other security frameworks.
• Help with the roll out of new security tools and processes.
• Create and manage security awareness training campaigns.
• Create and manage phishing simulation campaigns.
• Create and manage information security pages on the company Intranet.
• Participate in risk assessments in accordance with ISO-27001 requirements and participate in the development of risk treatment plans by working with asset owners.
• Provide support for investigating security incidents, e.g., phishing attacks.
• Help to operate our security operations center (SOC).

Required Qualifications:

• Bachelor’s degree in information security, computer science, engineering, or related technical field with 1-3 years of relevant experience.
• Possess one or more information security certifications such as CISSP, CISA, GIAC, CompTIA Security+, CCSP, AWS certification.
• Experience monitoring IaaS, PaaS and SaaS environments for security events.
• Experience using scripting/automating tools such as PowerShell, Python, and operating Active Directory and enterprise authentication and authorization mechanisms.
• Excellent communication, presentation, and documentation skills.

Preferred Qualifications:

• Experience with AWS security architecture and Cloud Access Security Brokers (CASB) highly preferred.

NA