Senior IT Security Specialist - GRC

1872 Consulting

Chicago, IL • On-site, Remote

Other

Posted 18 days ago


Job description

Senior IT Security Specialist – GRC
RESPONSIBILITIES
  • Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed.
  • Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation.
  • Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements.
  • Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
  • Serve as a subject matter expert for Information Security consulting to technical / non-technical management and staff.
  • Manage and support the 3rd Party Security Vendor Risk Management program and lifecycle.
  • Manage the exception request process and consult as needed.
  • Lead the Security Awareness program.  This includes roadmap development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs.  
  • Management and support of the GRC technology platforms.
  • Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
 
SKILL SET DESIRED
  • 5+ years of experience working in IT Security, Governance, Risk and/or Compliance
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG… is required.
  • Technical writing experience is required.  Experience with instructional content, educational writing, and technical writing strongly preferred.
  • Three or more years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
  • Client focus, including tact and diplomacy is required.
  • Interview, gather, and understand content from subject-matter experts
  • Maintain accurate records and manage client security and risk requests
  • Ability to perform as primary Security Subject Matter Expert (SME).
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the company's security program and controls.
  • Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents.
  • Demonstrate the ability to communicate technical topics effectively at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management and non-technical users.
  • Communicates succinctly and effectively
  • Strong organization and problem-solving skills required
  • Strong project and time management skills required
  • Strong reading comprehension skills required
  • Strong analytical ability with excellent written and verbal communication skills required
  • Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint) required
  • Ability to work independently and as a group member is required
  • SharePoint administration is preferred for team intranet site management
  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.  
  • Strong knowledge of risk management principles and practices.
  • Strong knowledge of security administration and role-based security controls.
  • Strong knowledge and use of GRC platforms.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server firewalling technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions.
  • Knowledge of Privileged Access Management technologies.

About 1872 Consulting

Sourced by ZipRecruiter

1872 Consulting, based in Chicago, IL, USA, operates within the IT consulting industry. Armed with a diverse team of experts, the company offers specialized IT consulting services, focusing on modernizing business technologies and driving innovative business strategies. Established in 1872, the company has a rich history marked by its commitment to bridging the gap between businesses and technology. Its mission is to empower organizations to surpass their business goals by providing state-of-the-art IT solutions and service. The company prides itself on its core values of integrity, excellence, and innovation, instilling these principles in every project they undertake.

Industry

IT services

Company size

11 - 50 Employees

Headquarters location

Chicago, IL, US

Year founded

2014



Frequently asked questions

Q: What skills or qualities help someone succeed as an Information Security Specialist?

A: To succeed as an Information Security Specialist, key technical skills include proficiency in security frameworks and protocols (e.g., NIST, HIPAA), programming languages (e.g., Python, C++), and security tools (e.g., firewalls, intrusion detection systems). Additionally, strong analytical and problem-solving skills, as well as effective communication and collaboration skills, are essential for working with cross-functional teams and stakeholders to identify and mitigate security risks. These technical and soft skills enable Information Security Specialists to effectively protect an organization's assets and data, supporting career growth and effectiveness in the role.

Q: What is the career path for an Information Security Specialist?

A: A typical career path for an Information Security Specialist involves progression from entry-level roles such as Security Analyst or Junior Penetration Tester, to mid-level positions like Security Consultant or Incident Response Specialist, and ultimately to senior roles like Chief Information Security Officer (CISO) or Security Architect. Key opportunities for skill development and professional growth include certifications like CompTIA Security+ or CISSP, as well as hands-on experience with security tools and technologies, and staying up-to-date with industry trends and best practices. Long-term career prospects may lead to leadership positions in security, or opportunities to transition into related fields like cybersecurity consulting, risk management, or digital forensics.



1872 Consulting job posting for a Senior IT Security Specialist - GRC in Chicago, IL with a salary of $58,800 to $109,300 annually.