4 Cyber Security Specialist - Cybersecurity Governance, Risk and Compliance Jobs in Washington, DC

IBOSS
Washington, DC | Full Time
$126k-156k (estimate)
6 Days Ago
Robert Half
Washington, DC | Full Time
$110k-144k (estimate)
6 Days Ago
Kforce
Washington, DC | Contractor
$134k-165k (estimate)
2 Days Ago
ATTAINX INC
Washington, DC | Full Time
$92k-118k (estimate)
4 Months Ago
Cyber Security Specialist - Cybersecurity Governance, Risk and Compliance
Robert Half Washington, DC
$110k-144k (estimate)
Full Time 6 Days Ago

Robert Half is Hiring a Cyber Security Specialist - Cybersecurity Governance, Risk and Compliance Near Washington, DC

Principal Duties and Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Conducts criticality determinations using Business Impact Analysis and risk assessment methodologies specific to Microsoft's security stack.
  • Completes comprehensive system security documentation, with a focus on Microsoft's security stack and cloud-based solutions, such as Azure Cloud Security.
  • Executes internal audits of crucial IT functions/processes, cloud solutions, including Azure Cloud Security, and technology vendors to assess the effectiveness of controls and identify control gaps.
  • Leverages frameworks like NIST 800-53, NIST 800-171, ISO 27001, and Microsoft’s security best practices.
  • Performs information security-oriented risk assessments of key business activities to determine alignment with regulatory and contractual requirements (e.g., EU/UK GDPR).
  • Conducts in-depth information security risk assessments, with emphasis on network security, domain administration, and Microsoft's security tools.
  • Assesses third-party cybersecurity risks, focusing on evaluating vendor contracts and independent auditor reports (e.g., SSAE 18 SOC2).
  • Incorporates technical expertise to improve testing methodologies, develop continuous monitoring tools, and utilize Microsoft Sentinel for security analytics and threat detection.
  • Populates and maintains the Cybersecurity Risk Register and associated Plan of Actions and Milestones.
  • Provides cybersecurity risk advisory to internal IT teams by focusing on the intersection of information system design and information security / cybersecurity control requirements.
  • Assists in the development of tools and other mechanisms to identify, track, and report on information security and cybersecurity risks.
  • Educates and builds awareness of cybersecurity risk considerations across the global organization, including developing and contributing to security awareness and training content to support the mitigation of cyber risks.
  • Assists the Chief Information Security Officer (CISO) in developing risk reporting dashboards.
  • Contributes to the advancement of the global cybersecurity program by collaborating directly with the CISO on strategic enterprise-wide initiatives.

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. The qualifications listed below are representative of the required knowledge, skills, and/or abilities needed to perform the principal duties.

  • Bachelor’s Degree in Cybersecurity, Computer Science, Management Information Systems, or a related field. Master’s degree in a related field is highly desirable.
  • 8-12 years of progressive experience in Information Security / Information Assurance with a focus on network security, domain administration, and Microsoft's security stack. Strong preference for candidates with direct experience in IT / Cyber Governance, Risk and Compliance (GRC), IT Auditing, and / or performing Cybersecurity Maturity Assessments.
  • Prior Big 4 / Top 10 Accounting Firm experience in an IT Risk Assurance / Advisory role is highly desired.
  • At least one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).
  • Familiarity with Microsoft's security stack, including domain management, Defender, Sentinel, and Azure Cloud security, is mandatory.
  • Strong familiarity with security frameworks and compliance requirements including NIST 800-53, NIST 800-171, CMMC, GDPR, and ISO 27001.
  • Comfortable with leading audit walkthrough discussions involving business and technical stakeholders.
  • Hands-on experience in managing risks related to network security, domain administration, access control, and change management.
  • Ability to take initiative, demonstrate dependability, and work with little to no supervision.
  • Strong ability to maintain an independent perspective and provide fact-based conclusions.
  • Experience working for a U.S. Government Contractor and / or global organizations in a Cybersecurity GRC oriented role is strongly desired.
  • Experience with developing and delivering cybersecurity risk management training.
  • Experience performing audits of information technology and cloud-based solutions.
  • Strong verbal and written communication skills, with an ability to effectively present material to audiences of varying technical experiences.
  • Strong ability to think strategically in the context of cybersecurity risk mitigation and digitalization objectives.

Job Summary

JOB TYPE

Full Time

SALARY

$110k-144k (estimate)

POST DATE

06/30/2024

EXPIRATION DATE

07/17/2024
