Senior Cybersecurity Specialist
Who we are?As the world's largest organization of board-certified pathologists and leading provider of laboratory accreditation and proficiency testing programs, the College of American Pathologists (CAP) serves patients, pathologists, and the public by fostering and advocating excellence in the practice of pathology and laboratory medicine worldwideIn 2020, the CAP was recognized as one of the Chicago Tribunes Top Workplaces for the fifth yearThe CAP was also recognized as a socially responsible employer by Center for Companies That Care for the sixth yearOur Culture CAP employees make a meaningful difference by partnering with colleagues customers and members on challenging and rewarding workCAP provides its employees with an energetic and collaborative work environment and encourage opportunities to further develop their skillsoffering reimbursement for educational programs and participation in events that enhance your skillsWe offer a generous compensation and benefits package, 401K, and more Brief Description The Senior Cybersecurity Specialist:
Demonstrates independent judgment and decision-making related to core job responsibilities.
Understands cloud compute technologies and can proficiently provide security insight and recommendations to safeguard cloud resources.
Manages Microsoft Active Directory services both on-premise and in the cloud.
Understands and implements Microsoft M365 E3/E5 security and compliance capabilities.
Researches, engineers and integrates new Cybersecurity solutions.
Provides strategic and tactical thought leadership across cybersecurity and applications security disciplines.
Provides thought leadership related to security technology implementations and associated configurations.
Manages security projects.
Facilitates, coordinates and executes security processes and procedures for applications, networks, and endpoints on a day-to-day basis.
Works with IS management, project teams, and architecture in the analysis of business security/risk management requirements.
Coordinates the implementation and maintenance of security technologies.
Develops and maintains security processes, procedures, and communications.
Ensures security integrity and compliance via auditing, monitoring, assessment, and mitigation of security issues and risks.
Provides thought leadership, guidance and expertise for application security identity and access management systems.
Contributes to the CAPs service culture by supporting departmental operating level objectives.
Provides technical guidance and oversight on network and perimeter security.
Works with security manager to define security policies and procedures.
Specific Duties Primary duties and
Responsibilities:
Provides leadership and technical guidance to application security team:
Works with IS managed services team to support existing identity and access management systems.
Helps define requirements for current and future identity and access management solutions.
Assesses and refines new project scope between project teams and application security team.
Governs application security standards and policies by working with cybersecurity, application security, architecture, and other IS business units.
Provides technical guidance and helps coordinate the resolution of application security issues.
Assists with management and coordination of the strategic cybersecurity program development:
Works with IS management and business in the evaluation and implementation of business security/risk management requirements.
Understands the fundamental business activities performed by the CAP and based on this understanding works with Architecture/SMEs to develop appropriate information security solutions, guidelines, and standards (applications, middleware, network, compute, and endpoint).
Collaborates with project teams as necessary regarding security topics and assessing risk.
Continually works with stakeholders, customers, and technical resources to maintain security technologies and configurations by coordinating the necessary activities to develop approach, scope of effort, and path to resolution.
Assists with compliance audits.
Ensures strong customer service attitude and ability to adapt to a changing environment.
Interfaces with IS staff and customers/users regarding security services and support.
Security Project Management:
Manages security projects, which often require considerable resources and high levels of functional integration over the project lifecycle.
Collaborates with dedicated project managers to ensure delivery on larger security projects.
Interfaces with a diverse audience, including technical project teams, end users, CAP management, vendors, and service providers.
Ensures adherence to quality standards and project deliverables.
Security Policies, Processes, Procedures, and Communication:
Assists with the development and maintenance of security policies, processes, and procedures.
Assists with the management of security operations center to perform security threat response handling procedures.
Provides and/or coordinates communication and training related to security processes, procedures, guidelines, and standards.
Continually works with stakeholders, customers, and technical resources to maintain security process and procedures.
Coordinates with other IS operations and service management processes (such as problem management and configuration management) as appropriate.
Security Activity Coordination:
Working with internal staff and managed security service providers, coordinates and oversees the provisioning and de-provisioning of digital identities and access rights, ensuring that account and system access activities (creations, modifications, and deletions) occur in a timely and appropriate manner.
Assists with risk assessments activities and helps develop risk mitigation plans.
Leads incident response triage, containment, and resolution.
Assists with conducting security vulnerability scanning and coordinates creation and implementation of vulnerability remediation plans.
Provides security guidance for non-security projects.
Ensures and maintains security integrity throughout migrations, releases, and environment refreshes.
Analyzes, evaluates, and makes recommendations to strengthen the security environment.
Assists with security testing and assurance.
Security Issue Resolution:
Works with managed security service providers to analyze and coordinate the resolution of security and access problems related to applications, middleware, compute, network, storage, and end points.
Conducts analysis and troubleshoots information security related incidents and coordinates mitigation as required.
Monitoring:
Works with managed security service providers to oversee and coordinate security operations center monitoring.
Evaluates and recommends tools used to monitor security events.
Utilizes correlation tools and other analysis tools (SIEM) to identify vulnerabilities or environmental changes that produce risksKnowledge/Skills Required/Preferred Personal:
Strong interpersonal and communication skills, both written and verbalEffectively works within matrixed team structuresLeads by exampleExcellent communication and collaboration skills at all technical and management levels Professional:
Strong project, planning, and support skillsStrong presentation and negotiating skillsStrong analysis and design skillsProven troubleshooting and issue diagnosis skillsProven ability to lead without authority Technical:
Thorough understanding of cybersecurity technologies including the following:
Firewalls and web application firewallsSIEM toolsVulnerability management toolsPrivileged access managementEndpoint protection technologiesMicrosoft Active DirectoryM365 E3/E5 security and complianceGovernance and risk management tools?Strong understanding of security principles relating to applications, middleware, data center technologies, networks, and endpoints.
Cloud compute technology security expertiseDeep understanding of web technologies is essentialIaaS, PaaS and SaaS servicesFamiliarity with security frameworks, such as NIST (National Institute of Standards and Technology).
Education/Experience Education:
Bachelors degree in computer science/business or proven equivalent work experience is required
Experience:
Minimum 10 years experience in information services.
Minimum - 6 years experience in information security, infrastructure, or related field.
Proven record of thought leadership and ability to manage technical and non-technical security initiativesRelated certifications:
Technical certifications in any above-mentioned skill areas are a plus, which include but are not limited to CISSP, CISM, CISA, Cloud +.
Additional CriteriaSchedule flexibility to allow for availability required during the CAPs non-business hours for activities such as resolution of critical issues or outages, managing off-hours maintenance, meetings with offshore teams, or other critical business needs.
Travel required when necessary; expected to be less than 10%PandoLogic.
Category:
Technology, Keywords:
Information Systems Security Professional Recommended Skills Adaptability Application Security Architecture Auditing Certified Information Security Manager Certified Information Systems Security Professional Estimated Salary: $20 to $28 per hour based on qualifications.
Demonstrates independent judgment and decision-making related to core job responsibilities.
Understands cloud compute technologies and can proficiently provide security insight and recommendations to safeguard cloud resources.
Manages Microsoft Active Directory services both on-premise and in the cloud.
Understands and implements Microsoft M365 E3/E5 security and compliance capabilities.
Researches, engineers and integrates new Cybersecurity solutions.
Provides strategic and tactical thought leadership across cybersecurity and applications security disciplines.
Provides thought leadership related to security technology implementations and associated configurations.
Manages security projects.
Facilitates, coordinates and executes security processes and procedures for applications, networks, and endpoints on a day-to-day basis.
Works with IS management, project teams, and architecture in the analysis of business security/risk management requirements.
Coordinates the implementation and maintenance of security technologies.
Develops and maintains security processes, procedures, and communications.
Ensures security integrity and compliance via auditing, monitoring, assessment, and mitigation of security issues and risks.
Provides thought leadership, guidance and expertise for application security identity and access management systems.
Contributes to the CAPs service culture by supporting departmental operating level objectives.
Provides technical guidance and oversight on network and perimeter security.
Works with security manager to define security policies and procedures.
Specific Duties Primary duties and
Responsibilities:
Provides leadership and technical guidance to application security team:
Works with IS managed services team to support existing identity and access management systems.
Helps define requirements for current and future identity and access management solutions.
Assesses and refines new project scope between project teams and application security team.
Governs application security standards and policies by working with cybersecurity, application security, architecture, and other IS business units.
Provides technical guidance and helps coordinate the resolution of application security issues.
Assists with management and coordination of the strategic cybersecurity program development:
Works with IS management and business in the evaluation and implementation of business security/risk management requirements.
Understands the fundamental business activities performed by the CAP and based on this understanding works with Architecture/SMEs to develop appropriate information security solutions, guidelines, and standards (applications, middleware, network, compute, and endpoint).
Collaborates with project teams as necessary regarding security topics and assessing risk.
Continually works with stakeholders, customers, and technical resources to maintain security technologies and configurations by coordinating the necessary activities to develop approach, scope of effort, and path to resolution.
Assists with compliance audits.
Ensures strong customer service attitude and ability to adapt to a changing environment.
Interfaces with IS staff and customers/users regarding security services and support.
Security Project Management:
Manages security projects, which often require considerable resources and high levels of functional integration over the project lifecycle.
Collaborates with dedicated project managers to ensure delivery on larger security projects.
Interfaces with a diverse audience, including technical project teams, end users, CAP management, vendors, and service providers.
Ensures adherence to quality standards and project deliverables.
Security Policies, Processes, Procedures, and Communication:
Assists with the development and maintenance of security policies, processes, and procedures.
Assists with the management of security operations center to perform security threat response handling procedures.
Provides and/or coordinates communication and training related to security processes, procedures, guidelines, and standards.
Continually works with stakeholders, customers, and technical resources to maintain security process and procedures.
Coordinates with other IS operations and service management processes (such as problem management and configuration management) as appropriate.
Security Activity Coordination:
Working with internal staff and managed security service providers, coordinates and oversees the provisioning and de-provisioning of digital identities and access rights, ensuring that account and system access activities (creations, modifications, and deletions) occur in a timely and appropriate manner.
Assists with risk assessments activities and helps develop risk mitigation plans.
Leads incident response triage, containment, and resolution.
Assists with conducting security vulnerability scanning and coordinates creation and implementation of vulnerability remediation plans.
Provides security guidance for non-security projects.
Ensures and maintains security integrity throughout migrations, releases, and environment refreshes.
Analyzes, evaluates, and makes recommendations to strengthen the security environment.
Assists with security testing and assurance.
Security Issue Resolution:
Works with managed security service providers to analyze and coordinate the resolution of security and access problems related to applications, middleware, compute, network, storage, and end points.
Conducts analysis and troubleshoots information security related incidents and coordinates mitigation as required.
Monitoring:
Works with managed security service providers to oversee and coordinate security operations center monitoring.
Evaluates and recommends tools used to monitor security events.
Utilizes correlation tools and other analysis tools (SIEM) to identify vulnerabilities or environmental changes that produce risksKnowledge/Skills Required/Preferred Personal:
Strong interpersonal and communication skills, both written and verbalEffectively works within matrixed team structuresLeads by exampleExcellent communication and collaboration skills at all technical and management levels Professional:
Strong project, planning, and support skillsStrong presentation and negotiating skillsStrong analysis and design skillsProven troubleshooting and issue diagnosis skillsProven ability to lead without authority Technical:
Thorough understanding of cybersecurity technologies including the following:
Firewalls and web application firewallsSIEM toolsVulnerability management toolsPrivileged access managementEndpoint protection technologiesMicrosoft Active DirectoryM365 E3/E5 security and complianceGovernance and risk management tools?Strong understanding of security principles relating to applications, middleware, data center technologies, networks, and endpoints.
Cloud compute technology security expertiseDeep understanding of web technologies is essentialIaaS, PaaS and SaaS servicesFamiliarity with security frameworks, such as NIST (National Institute of Standards and Technology).
Education/Experience Education:
Bachelors degree in computer science/business or proven equivalent work experience is required
Experience:
Minimum 10 years experience in information services.
Minimum - 6 years experience in information security, infrastructure, or related field.
Proven record of thought leadership and ability to manage technical and non-technical security initiativesRelated certifications:
Technical certifications in any above-mentioned skill areas are a plus, which include but are not limited to CISSP, CISM, CISA, Cloud +.
Additional CriteriaSchedule flexibility to allow for availability required during the CAPs non-business hours for activities such as resolution of critical issues or outages, managing off-hours maintenance, meetings with offshore teams, or other critical business needs.
Travel required when necessary; expected to be less than 10%PandoLogic.
Category:
Technology, Keywords:
Information Systems Security Professional Recommended Skills Adaptability Application Security Architecture Auditing Certified Information Security Manager Certified Information Systems Security Professional Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
