Networking for Future - Tysons Corner, VA
posted 2 days ago
About the position
NFF is seeking a skilled Information Security professional to manage and prioritize risks in a risk register based on likelihood and impact. The role involves identifying control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC. The candidate will collaborate with teams to design, implement, monitor, and remediate necessary security measures, conduct information security risk assessments, and validate required controls. Responsibilities also include documenting evaluation results, creating data sources for detecting gaps, deploying and managing security solutions, and providing regular reports of cybersecurity posture to senior management. The position requires developing enterprise policies and standards and assisting in training and awareness activities.
Responsibilities
- Manage and prioritize risks in a risk register based on likelihood and impact.
- Identify control sets to align cybersecurity controls with regulatory and contractual requirements such as CSF, PCI, and FFIEC.
- Collaborate with teams to design, implement, monitor, and remediate necessary security measures.
- Implement tests and reporting to establish control effectiveness.
- Conduct information security risk assessments to evaluate information systems, vendors, programs and procedures.
- Define system boundaries and threat models.
- Identify attack paths.
- Validate required controls.
- Identify gaps in vulnerability assessments and testing.
- Document evaluation results and recommendations.
- Create data sources and analytical processes to detect gaps.
- Deploy and manage security solutions.
- Provide regular reports of cybersecurity posture to senior management.
- Develop enterprise policies and standards.
- Assist training and awareness activities.
Requirements
- Bachelor's degree in computer science, information security, or a related field.
- Minimum of eight (8) years of experience in Information Security or a combination of education and experience which meets the requisite skill level.
- Demonstrated technical knowledge of one or more key information system platforms with the associated configurations used to secure them: Windows, Linux, AWS, Salesforce.
- Technical experience in several security domains: identify and access, systems, networking, cloud, security tools, monitoring, incident response, forensics, applications and interfaces.
- Experience in one or more areas: risk assessment, DLP, GRC, IT audit, IT controls design and testing, and/or third-party risk review.
- Ability to scope data classification and control requirements based on regulatory requirements.
- Ability to manipulate data using SQL and/or Excel functions.
- Ability to present summary data in graphs and charts.
- Experience with cloud security controls.
- Excellent customer service skills.
- Strong research, analytical, and problem-solving skills.
- Excellent oral and written communication skills, including technical writing.
- Ability to function independently and as a team member.
Nice-to-haves
- Technical certs for Windows, Linux, Microsoft 365, AWS, Salesforce and/or SANS preferred.
- Professional security certs such as CISSP, CRISC, CISM, CIPP, or CTPRP are preferred.
- Experience with vulnerability management systems (Nessus, Qualys, Rapid7, etc.).
- Experience working in a GRC application (e.g. RSA Archer, ServiceNow, etc.).
- Experience with large enterprise IT environments.
Benefits
- Medical, Dental and Vision, Health Savings Account, Flexible Spending Account.
- STD, LTD, Supplemental life insurance and ADD&D.
- Comprehensive 401k plan.
- Paid Time Off.
