MRIGLOBAL

Senior Information Security Specialist - IT Operations

MRIGLOBAL, Kansas City, Missouri, United States, 64101


Senior Information Security Specialist

Basic Function/Nature and Scope

This position supports MRIGlobal's information security program in coordination with corporate policies and strategic direction. This senior-level position assists with all phases of the cybersecurity program that involves access to computers and electronic data, enabling the Institute to maintain compliance with regulatory and client-specific requirements. This individual also serves as a member of the MRIGlobal Cyber Incident Response Team (CIRT).

The Senior Information Security Specialist is focused on preventing IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction of an organization's information systems and IT assets and intellectual property.

This position reports to the Director of Cybersecurity and provides subject matter expertise, policy guidance, and technical input in designing and implementing MRIGlobal's information security program. The individual works both independently and collaboratively on assigned complex security-related programs and provides leadership and mentoring to members of the Information Security Team. All work is performed in support of MRIGlobal's strategic plan and cybersecurity's strategic direction.

Essential Functions

Security Strategy and Planning:

Develop, implement, and maintain comprehensive information security policies, procedures, and guidelines. Conduct regular risk assessments and vulnerability analyses to identify potential security threats. Develop and recommend security enhancements to management. Oversees day-to-day regulatory compliance of the Institute's information systems including management and oversight of complex security-related projects. Writes and maintains System Security Plans (SSPs) and Plans of Action & Milestones (POA&Ms) to ensure compliance with regulatory guidelines (both Government and commercial requirements).

Incident Response and Planning:

Lead incident response efforts, including identification, containment, eradication, and recovery of security incidents. Conduct post-incident analysis to identify root causes and recommend improvements to prevent future incidents. Maintain and update incident response plans and playbooks. Safeguard networks against unauthorized modification, destruction, or disclosure. Research, evaluate, design, test, recommend, communicate, and implement new security software or devices. Review threats and vulnerabilities to assess risks to determine effective measures to minimize risks through software delivery and management.

Cyber Incident Response Team:

Serves as a member of the MRIGlobal Cyber Incident Response Team (CIRT). Supports the selection, implementation, and maintenance of cybersecurity tools to provide MRIGlobal's Cyber Incident Response Team with information necessary to determine root cause and remediation tactics for a cyber incident.

Security Monitoring & Analysis:

Monitor security systems and networks for signs of potential threats or breaches. Analyze security alerts and data to identify and respond to security incidents. Implement and manage security information and event management (SIEM) systems. Maintain MRIGlobal's security policies including support for the security posture of all cloud-hosted systems. Partner and coordinate with the IT department to provide security direction and networking/network security support as needed. Support MRIGlobal's classified programs through the maintenance and accreditation of operational classified information systems for Federal Government clients in accordance with NISPOM standards and in coordination with the Security Department.

Access Control and Identity Management:

Implement and manage identity and access management (IAM) systems to ensure secure access to information systems. Conduct regular reviews and audits of user access rights and privileges. Ensure compliance with the principle of least privilege and segregation of duties.

Compliance and Regulatory Requirements:

Ensure compliance with relevant security standards and regulations (e.g., RMF, NIST 800-53r5, NIST 800-171, 32 CFR Part 117 NISPOM Rule). Conduct regular audits and assessments to ensure adherence to security policies and regulatory requirements and provide recommendations for designing and implementing security controls. Prepare and present reports on compliance status and security metrics to management. Support MRIGlobal's Technical Divisions by planning, designing, and implementing secure systems to meet contractual and regulatory requirements, and provide information security consulting services to staff to ensure compliance with regulatory and client-specific requirements.

Security Awareness and Training:

Develop and deliver security awareness training programs for employees. Promote a culture of security awareness and best practices across the organization. Stay up to date with the latest security trends, threats, and technologies.

Project Management:

Lead and manage security projects, including the implementation of new security tools and technologies. Collaborate with IT and other departments to ensure security is integrated into all projects and initiatives. Provide guidance and mentorship to junior security staff and other IT personnel.

Minimum Qualifications

Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related discipline with a minimum of 7 years relevant experience; or
High school diploma or equivalent with a minimum of 10 years relevant experience.

Preferred Qualifications

Professional certifications such as CISSP or Security+ are preferred. Experience and certifications may be substituted for a degree.
