Job Summary

The Lead Security Controls Assessor conducts comprehensive assessments of the organization’s security controls within the information technology system to determine the overall effectiveness of the controls. The candidate chosen will be a key member of our IT Compliance Team within Information Security. 

As the Lead Security Controls Assessor, you will work closely with the Information Security and IT departments to assess and validate the organizations security controls and compliance to applicable standards. This role will provide advisory support and recommendations on how to remediate potential gaps and issues to meet compliance objectives and security standards.

This position will report to the Sr. Manager of IT Compliance and will be performed from SHI's office location in Somerset, NJ or Austin, TX.

About Us

Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $14 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 6,000 of them. If you join our team, you’ll enjoy:

• Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.
• Continuous professional growth and leadership opportunities.
• Health, wellness, and financial benefits to offer peace of mind to you and your family.
• World-class facilities and the technology you need to thrive – in our offices or yours. 

Responsibilities

• Manage security controls assessments including kickoff, submission of deliverables, final report, and executive briefing;
• Conduct controls assessments of existing security measures and identify areas for improvement
• Lead assessment interviews, testing, and coordinate evidence requests;
• Conduct audits to ensure that security controls are implemented correctly and operating effectively;
• Establish policies and procedures based on industry standards and compliance objectives;
• Perform security risk assessments of new technologies and third party vendors to determine potential impact on security;
• Monitor and evaluate a system's compliance with security, resilience, and dependability requirements;
• Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk management strategy;
• Perform security risk analysis whenever an application or system undergoes a major change;
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks;
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations;
• Produce quality deliverables in a timely fashion;
• Prepare metrics and reports for management on the status of IT Compliance objectives;
• Produce documentation and diagrams as needed;
• Represent the Information Security Team by participating directly with projects and provide guidance, requirements and documentation for security related purposes when requested;
• Evaluate, document and maintain standards, processes and procedures relative to security and privacy;
• Provide insightful recommendations to improve security posture.

Qualifications

• 5 years experience in Ccybersecurity
• Minimum 3 years' experience in a Security Controls Assessor position
• Bachelor’s degree in information technology or equivalent experience
• Security certification such as CISA, CISM, and CISSP.
• Experience with security and privacy standards (PCI, ISO27001, SOC2, NIST, GDPR, CCPA, etc.)

Required Skills

• Able to meet deadlines and manage multiple projects
• Able to build and foster strong working relationships
• Able to present information on technical subjects in an understandable manner in both oral and written form
• Able to take ownership of a project through the life cycle
• Able to work independently, self-motivated
• Proficient computer skills required, experience using Microsoft applications (Word, Excel, PowerPoint, Visio and Outlook)
• Experience with ServiceNow or other GRC application a plus
• Excellent communication and organizational skills

Certifications Required

• Security certification such as CISA, CISM, and CISSP.

Additional Information

• The estimated annual pay range for this position is $90,000- $110,000. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
• Equal Employment Opportunity – M/F/Disability/Protected Veteran Status