ISO Security Specialist

Job Type

Full Time

General Description

Applies skills as an experienced professional to ensure the security of all information pertinent to the company. Recommends methods and techniques to achieve optimal results and helps establish a culture of security across the organization. Supports the achievement of compliance and regulatory goals that are based on the high level of security built into our products. Creates processes to support high quality security-operations, with real-time monitoring of security and compliance in cloud and on-prem environments with a global user community. The incumbent will need to be highly knowledgeable of the concepts of security, compliance, and risk assessment as well as have the technical ability to converse with other team members about their plans and security concerns.

Essential Duties and Responsibilities

• Leads the implementation of technical and operational security controls that are considered safeguards and /or countermeasures to prevent unauthorized access, modification and disclosure of data, software and infrastructure.
• Assess SecOps factors and facilitates remediation of identified vulnerabilities for security across the enterprise.
• Assesses SecOps factors and facilitates remediation of identified vulnerabilities with the companies' network, systems and applications.
• Operational understanding of Next Generation Firewall solutions and perimeter/edge-based controls such as WAF, DoS & BOT protection.
• Collaborate with service providers/clients/vendors, and other technical engineers for seamless and secure functionality of the networks.
• Engage with architectures to ensure that Firewall architectural designs are in line with the needs of the current and future network and security needs.
• Reviews security logs to monitor unauthorized system access attempts, both internal and external.
• Perform periodic rule and policy set reviews to mitigate stale and unnecessary entries.

Essential Duties and Responsibilities (cont.)

• Develop reports including assessment-based findings, outcomes and propositions for further system security enhancement.
• Knowledge of cloud solutions for Network Security & Firewall engagements.
• Aligns security deliverables with legal, regulatory and contractual requirements that conform with security framework and standards such as NIST SP 800-53 rev 4, ISO/IEC 27000 series, OWASP Top 10, among others.
• Establishes processes and procedure for continuous monitoring to allow operational visibility in enterprise environments.
• Reports on findings and recommendations for corrective action.
• Performs SecOps related assessments as assigned utilizing security tools and methodologies.
• Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of security related scenarios.
• Facilitates and monitors performance of remediation tasks, changes related to mitigation factors & reports on findings.
• Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications.

Essential Duties and Responsibilities (cont.)

• Provides periodic status reports, including outstanding issues.
• Assist in all Cybersecurity audits, risk assessments and regulatory compliance.
• Serve as SME within security projects and perform security operational defined processes.
• Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the company.
• Address questions from internal and external audits and examinations.
• Create concise and comprehensive reports related to security violations, including recommendations for addressing any identified control weaknesses.
• Periodically discuss any SecOps related event and/or innovative ideas that shall mature the companies’ security measures.
• Participate in pre-defined capacitation trainings defined by the unit.

Education

Experience

A minimum of two (2) years of experience in ensuring the security of all information pertinent to a company.

Certifications/Licenses

The following certifications are highly desirable, but not required:

• CompTIA SEC+
• ISC2 SSCP

Knowledge, Skills, and Abilities (KSAs)

• Analytical Skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments. Collects, researches, and complements data; Synthesizes complex or diverse information. 
• Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions
• Communication Skills: Speaks clearly and persuasively in positive or negative situations; Demonstrates group presentation skills. Writes clearly and informatively; Edits work for spelling and grammar; Presents numerical data effectively.
• Asset Protection: Knowledge of relevant equipment, policies, procedures, and strategies to promote effective local, state, or national security operations for the protection of people, data, property, and institutions.
• Programming Language/Tools: Knowledge of company programming procedures and languages; Processes computer data and generate reports; Implements and troubleshoots programming changes; Knowledge of computer flow charts, programming logic, and codes; Writes technical instructions; Learns new systems and applications.
• Technology: Knowledge of maintenance, reparation and troubleshooting of desktop hardware and software package.

Region Locations

Puerto Rico, US, or Colombia

Work Schedule

Hybrid or Remote

Values

Additional Requirements

The information provided here is only a general guide as to the nature of the position and does not constitute an exact description of the goals, tasks, duties, and responsibilities of the position. The specific details of each position are described in the employee's performance evaluation.