**Hybrid work - Incumbent must work three days each week in the Omaha, NE office** We are seeking anInformation Security Engineerwho will be responsible for daily operational aspects of security systems, including implementation and management of enterprise security monitoring systems, defense in depth, email/content filtering, data loss prevention, patch management, external and internal vulnerability assessments, and monitoring of daily security events from multiple systems/appliances for the reporting of security incidents. Identify, develop, and implement security strategies in accordance with business and technology requirements. Coordinate with the Chief Security Officer to develop, deploy, and maintain consistent and current security practices on all platforms.
Essential Duties & Responsibilities
- Evaluate, develop, implement, configure, tune, and maintain situational appropriate solutions and procedures based on current controls and residual risk to protect the Associations' critical assets.
- Lead / participate in security related projects and initiatives - ensure standardized security requirements are incorporated into architectural plans and delivery.
- Provides technical security support to all teams / teammates within the Associations and may serve as a resource on multiple cross functional teams.
- Build relationships and collaborate with business / technology teams to identify, evaluate, and recommend mitigation strategies in alignment with the Associations' risk appetite.
- Continuously monitoring security events / alerts to detect potential security incidents and initiate appropriate mitigating actions.
- Investigate security events / actionable intelligence, analyze root cause, and recommend / implement appropriate remediation actions to prevent reoccurrence.
- Develop and maintain security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of the Associations' data, platforms, and infrastructure.
- Maintain accurate and current documentation of security controls, policies, procedures, and incident response plans.
- Work with auditors to ensure compliance with regulatory requirements and industry standards / frameworks.
- Partner with cyber-risk assessors to identify vulnerabilities / security weaknesses and implement appropriate / balanced remediation solutions.
- Provide security education to the Associations to promote a secure culture of awareness and empowerment.
- Maintain currency with emerging security threats, trends, and technologies to ensure the Associations are prepared to address emerging and evolving risks.
|