The Chief Security Engineer (CSE)/CISO is the primary technical resource leading, driving, implementing, and supporting the objectives of Arisant’s GRC goals and responsibilities. This person is responsible for security at Arisant.
This role will oversee Arisant’s internal and external security responsibilities, including developing, implementing, and enforcing security policies and technical controls to protect critical data.
This role implements and leads the security tasks executed by the CSE (hands-on), the Managed Services team, consultants, and analysts. The work includes using security and automation tools and organizing supporting documentation, including architecture diagrams, data flow diagrams, vendor documentation, processes, and procedures.
This role will be key in growing the technical maturity of the GRC program and reports directly to the CTO.
Areas of immediate focus for security are: Architecture & Engineering, Incident Response, Identity & Access Management and Device Management.
- College diploma or University degree in Computer Science, Information Technology, or related discipline and/or four (4) years of equivalent work experience. Four (4) years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
- Five (5) years of experience working hands-on in technical environments implementing technical security controls in Linux and Windows systems running and supporting Enterprise workloads.
- Experience working hands-on as an Oracle Database Administrator (DBA) or Microsoft SQL Server DBA.
- Experience working hands-on as an Application Server administrator with Oracle Weblogic or Microsoft IIS.
- Experience working hands-on as a Linux or Windows Administrator.
- Experience working with Microsoft Defender for Endpoint and Microsoft Intune.
- Experience working with Mobile Device Management systems, tools and technologies.
- CISSP Certification.
- Implement, operationalize, and improve technical solutions to support effective and auditable compliance with applicable industry standards and regulations (SOX, PCI, MICS, NIST, HIPAA, etc.).
- Review and continuously improve written compliance audit and due diligence procedures for execution by technical and non-technical staff, including managed services personnel, consultants, and employees.
- Support and maintain all security systems including tools used for audit automation, asset management, application inventory, change management, and vulnerability management.
- Identify, evaluate, recommend, and implement technical improvements to mitigate control failures and gaps for projects, customers, and stakeholders.
- Own and maintain the technical details within Arisant’s technical control framework, including accurate scoping of systems and networks, technical interpretations of controls, descriptions of artifacts, etc.
- Conduct periodic reviews of audit processes to optimize audit procedures and technical artifacts.
- Operate as the technical subject matter expert to respond to inquiries from third-party assessors and auditors.
- Collaborate with peers and management in various teams to ensure enterprise technical compliance requirements are effectively operationalized.
- Support corporate compliance for the patch management process through reporting and technical interpretation of system vulnerabilities. Track operational remediation efforts against defined Service Level Agreements (SLAs).
- Lead efforts to validate production changes to improve quality and accountability of system changes.
- Remain current on best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
- Oversee and conduct training for IT GRC for Arisant.
- Evaluate risks and develop security standards, procedures, and controls to manage them. Improve security posture through process improvement, policy, automation, and the continuous evolution of capabilities.
- Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdiction-specific Minimum Internal Control Standards (MICS).
- Effectively translate industry regulations, standards, and internal controls to all audience types, including non-technical stakeholders and highly technical IT engineers and architects.
- Excellent ability to collaborate with other teams with alternative or conflicting areas of focus.
- Working knowledge of Information technology systems at the application, data, operating system, virtualization, storage, and networking layers.
- Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
- Researching and locating information related to internal and external organizations using online and other sources.
- Troubleshooting and operating a computer and various software packages.
- Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions.
- Using judgment and ingenuity in maintaining objectives and technical standards.
- Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.
- Ability to comprehend technical language and to confer, analyze, and write in an objective, lucid manner.
- Ability to work independently, prioritize multiple tasks, and adapt to change.
- Ability to pull data from database tables, database views, application sources, and other data stores for the purpose of compliance reporting.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Familiarity with state, local, federal, and gaming laws & regulations, as well as risk assessment and management methodology.
- Must be a critical thinker with strong problem-solving skills.
- Remain calm in high-pressure or difficult situations.
- Maintaining confidentiality.
- Strong consideration given for compliance-related certifications or training, specifically one or more of the following: CISSP and CISA.
No relocation expenses, travel expenses, or visa sponsorship are offered. NO THIRD-PARTY RECRUITERS.
Arisant is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans’ status, age, or any other characteristic protected by law.
Salary
The salary range for this position is $110,000 - $150,000 annually. Actual compensation will be determined by several components, including but not limited to, relevant experience, qualifications, and other job-related factors permitted by law.