SourcePro Search, LLC
Senior Security Compliance Specialist
SourcePro Search, LLC, New York, New York, US, 10261
The ideal candidate will support the Firm in ensuring we continuously set a high bar for security compliance across our domestic and international office locations. This role reports to the Information Security Directors in leading our global information security operations. Lead the team in completing client security assessments, updating policies, performing evidence gathering and ensuring technology artifacts are current. You will be responsible for assessing information risk and facilitating remediation of identified issues. Success in this position is exhibited by collaborating with our information security team, information technology engineers and partners to detect, investigate and resolve suspected security events and to drive new IT security initiatives to improve our security posture.
What You'll Do:
Conduct, review and respond to client security questionnaires, audits and client assessments.
Evaluate our information security policies in contrast with client security frameworks.
Ensure our cyber risk and audit findings are communicated, managed and remediated.
Perform risk analysis with IT leadership and department owners to identify potential gaps.
Perform regular reviews of our company security policies and procedures, updating them to meet new security guidelines, client requirements and company strategy.
Interact with external auditors to maintain our ISO 27001 certification and compliance in all our offices worldwide.
Maintain our Third Party Risk Management program.
Experience working in a cloud environment (i.e., Microsoft Azure/M365) to help identify and remediate informational risks.
In addition, responsibilities related to maintaining firm and client information are to be adhered to by all employees. This includes complying with the firm's information security policies, protecting firm assets from unauthorized access, disclosure, modification, destruction or interference, and reporting security events or potential events or other security risks to management.
What You'll Bring:
Strong knowledge of security frameworks to include NIST and ISO 27001.
Third Party Risk Management experience.
Experience in security of cloud services (i.e., Microsoft Azure/M365), infrastructure, endpoint, networks and identity.
Recommend and implement solutions which can strengthen our internal and cloud security posture.
Experience with client assessments and conducting business impact and risk-based analysis.
Progressive experience in IT maintaining security solutions for M365.
Ability to multitask and/or pivot quickly based on business priorities.
Self-starter with the ability to work independently and excellent written and verbal communication skills.
Must be passionate about security and strive to ensure the Firm is protected against evolving cyber threats.
Knowledge of risk assessment methodologies and technologies.
Willingness to travel.
Education/Certifications:
A college degree (BA/BS) or equivalent work experience. Certification(s) in Security/Audit/Compliance are a plus. Progressive experience in an IT security role.