What are the responsibilities and job description for the Information Security Advisor position at Sibitalent Corp?
Role: Information Security Contract Advisor
Location: Dresher, PA (Onsite)
Duration: Long Term
Role Summary:
The Information Security Analyst will be a member of the Information Security team, leading cyber security-related contract, vendor, and compliance-focused efforts. This role will balance business priorities, information security risks, business initiatives, and compliance-related best security practices when pursuing appropriate contractual strategies ensuring the confidentiality, integrity, and availability of information assets. The Security Analyst will develop and maintain relationships with multiple areas of the business to include legal, risk management, compliance, facilities, and all areas of IT.
Responsibilities:
- Responsible for protecting, securing, and properly handling all confidential data to guard against unauthorized access, improper transmission, and/or unapproved disclosure of information that could result in harm to our clients.
- Participate in the business RFP process to help attract, win, and retain business, acting as the SME for Information Security-related inquiries.
- Triage new supplier contracts to validate risk level, completeness of security addendum language, and correlation with vendor risk management profile details.
- Process requests for new and existing vendors, handling the information security tasks associated with the vendor review and certification process.
- Review vendors’ attestation documents to confirm required security controls are in place and tested properly. Confirm compliance in alignment with the vendor risk management program.
- Review individual answers from vendors and determine if company policy and contractual requirements are being met.
- Identify exception requests and escalate to assigned BISO as needed.
- Lead the Information Security portion(s) of the SOC2 and ISO recertification processes: monitor, test, and report on design and effectiveness of internal controls.
- Organize materials used for assessment to be reused for future assessments to improve efficiency and expedience.
- Perform gap assessments against existing or prevailing information security controls to decide whether a control is satisfactory. Communicate results across teams and work to improve or develop controls.
- Map controls to roles and policy within the Governance Risk and Compliance (GRC) system.
- Coordinate and process policy updates from BISOs and present to risk management policy review committee.
- Responsible for gathering and processing Information Security scorecard metrics.
- Participate in industry-related organizations such as ISACA, FS-ISAC, IANS, etc. to gain knowledge and experience.
- Lead increasingly complex efforts to enhance processes & procedures within the Information Security function.
- Our I-Client service philosophy and our Core Values of People Matter, Quality First and Integrity Always® should be visible in your actions on a day-to-day basis showing your support of our organizational culture.
- Assist with other tasks and projects as assigned.
Skills / Knowledge required:
- Bachelor’s degree or Associate degree plus equivalent work experience required.
- Security certifications like Security+, Network+, or Associate of ISC2.
- Knowledge of information security policies, controls, and processes.
- Familiarity with the audit processes for information systems and security.
- Knowledge of infrastructure (networks, servers), databases, and internet technologies.
- Understanding of application platforms including web, mobile, and cloud.
- Knowledge or experience working with Governance Risk & Compliance (GRC) systems such as LogicManager, eGRC, RSA Archer etc.
- Security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes.
- Strong written and oral communication skills. The ability to communicate effectively (clearly, concisely, and professionally) with all levels.
- Highly organized and able to process and manage inventories of controls and findings.
- Excellent analytical and problem resolution skills.
- Self-starter and able to work independently.
- Persistence and strength to champion initiatives.
- Proficiency in MS Office software applications, specifically Word, Excel, and PowerPoint.
- Experience managing projects, creating plans, tracking tasks, and escalating issues.
Sagar Kumar
Sibitalent Corp.
E-Mail: sagar.kumar@sibitalent.com
Website: www.sibitalent.com
Office – 101, E, Park Blvd.-Suite 600, Plano, TX 75074