Information Security Specialist

Harrison Street is a leading investment management firm exclusively focused on alternative real assets. Headquartered in Chicago and London with offices throughout North America, Europe and Asia, the Firm has more than 280-employees and nearly $56 billion in assets under management. Clients of the Firm include a global institutional investor base domiciled in North America, Europe, Asia-Pacific, Middle East and Latin America.

Under direction of the Director, Head of Information Security, Global CISO, the candidate will support and assist on Harrison Street’s (HS’s) multi-faceted cybersecurity program. The candidate works with internal and external business partners, technology staff, and third-party vendors to drive the cybersecurity strategy, manage tactical cybersecurity initiatives, and complete day to day cybersecurity related tasks. Further, the candidate will assist in external communications and maintain reporting requirements with the security program to maintain a best-in-class program in a regulated environment. Attention to detail, ownership, accountability, and critical thinking skills are required.

• 50% HS 3rd Party / External Cybersecurity Program Management
• Manage 3rd party vendor cybersecurity assessments, risk tracking, and other activities.
• Leads cybersecurity conversations with vendors to provide ongoing monitoring and control enforcement of required controls.
•     Lead execution of cybersecurity audits on HS Operating Partners and other 3rd party partners and managers.
•     With input from the CISO, as needed, oversees and improves the cybersecurity maturity models, risk ratings, and internal/external facing audit output templates.
• Works to understand the evolving cybersecurity risk at the asset, JV, and manager levels and continually enhances the program to mitigate.
• Builds a working relationship with third party partners to provide advisory input, cybersecurity posture and potential enhancements.
•     Works with internal stakeholders to prioritize audits and conducts follow up debrief calls with operating partners.
•     Provides input into third party audit requests and generates evidence as needed.
•  
• 25% Documentation, Configuration, Technical Writing, and Communication
•     Provide input to and assist with the updates of policies, procedures, and other program related documentation.
•     Assist with the configuration & oversight of cybersecurity tools & platforms.
•     With support from the CISO as needed, produce executive level documentation, audit reports, analysis, technical writings, and communication.
•     Effectively communicate with executives, business level stakeholders, employees, operating partners, and vendors.
• Communicate details around complex topics
• Set and manage realistic and appropriate expectations
• 
  
• 20% HS Cybersecurity Program Management Support
•     Assist in maintaining a program aligned to the NIST cybersecurity framework, SEC and other regulatory guidance, and industry best practices.
•     Assist with the evaluation, mitigation, and reporting of information security risks within Harrison Street.
•     Provide input into firmwide risk meetings; participates in quarterly security strategy and risk management meetings, as appropriate.
•     Assist with the improvement of Harrison Street’s existing cybersecurity toolset by planning and executing on toolset enhancements, as appropriate.
•     Assists with monitoring threats, responding to incidents, and taking preventative measures.
•     Assists with audits, e.g., SOX, data privacy and regulatory compliance, and other initiatives. Leverages IT tools to support audit artifact requests.

• 5% Miscellaneous
•     Attend meetings and serve on committees, as requested.
•     Maintain and increase knowledge and skills through attendance at meetings, conferences, training seminars and in-service training sessions.

•     3 years of experience in a regulated mid-market technology environment.
•     Bachelor's Degree in a technical discipline such as Information Security, Computer Science, Information Services, or related field.
•     Experience with Program and Project Management.
•     Security certifications such as CISSP, CISA, or CISM preferred.
•     Knowledge of PCI-DSS, HIPAA, HITRUST, and SSAE 18 SOC 1 & 2 preferred.
•     Experience with various hardware, software, and communications products preferred.
•     Knowledge of data communications and network security fundamentals preferred.
•     Knowledge of database fundamentals preferred.
•     Knowledge of platform and system integrations preferred.
•     Knowledge of Enterprise Architecture design preferred.
•     Knowledge of M&A diligence and integrations preferred.

•     Must be able to evaluate critical problems and determine solutions.
•     Must have excellent written and verbal communication skills.
•     Must be able to interpret and apply relevant laws, regulations and policies.
•     Must be able to read and understand technical manuals.
•     Must be able to work for extended time at keyboard/terminal.
•     Must be able to maintain professional and effective working relations with supervisors, co-workers.
•     Must be able to work flexible hours, including weekends and evenings.
•     Must be able to learn new skills and technologies.

•     Ability to travel up to 10%