Senior Security Engineer
Technology – IT Compliance
This key position will play a critical role in safeguarding our organization’s technology infrastructure. You will be responsible for assessing risk and recommending appropriate security measures and evaluating the effectiveness of their implementation in protecting the confidentiality, integrity, and availability of the information systems and the data entrusted to our safekeeping.
You will be a key participant in all information technology audit engagements under the supervision of the IT Compliance Director. Our Sr. Security Engineer will assist in the design and drive the preparation and execution of key areas of each audit engagement, while assisting more junior members of the team where appropriate. You will serve as a primary contact with client management, explaining the audit process and scope, keeping management apprised of audit progress and issues, and effectively delivering audit results to all levels of management. You will stay abreast of company business strategies, IT industry technology advances and the risk profile of assigned business areas to ensure relevancy of all audit approaches.
As the primary security assessor, you will review new and existing applications, interact with application owners, identify security risks, and establish the appropriate mitigating actions to manage risk to an acceptable level. You will also review infrastructure components, their configurations and technical controls, working with system owners to identify security risks and establish the appropriate mitigation steps, with timelines, as necessary.
Primary Duties and Responsibilities
- Participate in planning and audit scope development as well as project execution as a critical team member on complex technology-related assessments
- Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security
- Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where requested
- Provide reports on the effectiveness of the business unit's internal control structure along with recommendations that improve the effectiveness, efficiency and economic value of a control or process
- Assess audit findings / gaps including control weaknesses with an appropriate degree of professional skepticism, seeking to fully understand risks to Clear Capital. Assist technology partners with the development of remediation plans to mitigate weaknesses, providing thought leadership on the appropriateness of the plan
- Evaluate the adequacy and timeliness of management's response and the corrective action taken on relevant weaknesses noted within audit reports
- Promote new ideas and new ways of executing projects and internal infrastructure enhancements
- Demonstrate commitment to the client’s and the CTO’s strategic vision, be a self-starter, and promote project ownership and responsibility for actions
- Architect, design, and assess information system security controls and countermeasures
- Analyzes and recommends security controls for the entire lifecycle of information systems, and monitors controls for compliance
- Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance
- Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends
- Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement
- Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets
- Analyzes trends and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments
- Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems
- Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs
Required Job Related Skills and Experience
- Bachelor’s Degree, ideally in a technology-related field, or equivalent work experience
- CISSP, GSEC, or equivalent information security certification
- Demonstrable knowledge of information security control frameworks, i.e. NIST RMF, ISO
- Experience with information system security certification requirements, such as FISMA, FedRAMP, PCI-DSS, ISO 27001
- Proven experience in developing system security plans
- Demonstrable knowledge of information security best practices
- High attention to detail and excellent analytical skills
- Excellent oral and written communication skills; ability to interact with internal and external stakeholders at all levels of the organization
- Customer-centric (internal and external), motivated, focused personality
- Self-accountable and self-motivated
- Sound independent judgement
- Ability to set priorities and adapt to changes in a quick, professional manner
- Ability to use discretion when handling confidential information
- Ability to “manage-up”, often working closely with the executive team to complete projects and/or host customers
Clear Capital is the premier provider of real estate valuation, analytics, and technology solutions. Powered by its more than 45 years’ worth of information on nearly every U.S. metro, neighborhood, and property, Clear Capital’s solutions are trusted by community credit unions and billion-dollar financial institutions alike. Clear Capital is headquartered in Reno-Tahoe with a team of more than 500 nationwide, dedicated to going wherever it leads, and doing whatever it takes.
To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.
Salary commensurate with experience
Clear Capital is an equal opportunity employer