[Hiring] Information Security Engineer III @Conduent State & Local Solutions, Inc

Role Description

The Information Security Engineer III serves as a member of the NIST CISO Audit & Assurance team and will assist in the performance of internal audits, ensuring they comply with applicable Conduent and ISO security standards, regulations, and policies.

• The internal auditor will be professional, independent, impartial, and fair in all interactions.
• The NIST security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned Business units’ information, applications, and infrastructure.
• Perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organization risk, control gaps, and vulnerabilities.
• Responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
• Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as:
  • IPS/IDS alerts
  • Change detection (FIM) alerts
  • Application firewall alerts
  • Malware alerts
  • Rogue wireless network alerts
  • Security system health alerts
  • Exploit attempt alerts
• Participate and be an integral component of audit, compliance, and regulatory functions, including:
  • Audits of system security to ensure compliance with Corporate security framework
  • NIST 800-53, ISO 27001/2, PCI-DSS
  • Emerging country, state, and Federal privacy laws
• Primary POC in a vulnerability management program of the account that includes:
  • External and internal vulnerability scans of applications and systems
  • External and internal penetration tests of applications and systems
  • Documentation and remediation of identified vulnerabilities and exploits
  • Routinely monitoring various communication avenues for security vulnerabilities and security patches
  • Taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
  • Making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
• Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement.
• Acts as the initial point of contact to facilitate the handling of security audits and client requests.
• Supports the creation of business continuity/disaster recovery plans, to include conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.
• Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned Business units.

Qualifications

• CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus.
• Minimum of Four (4 to 5) Years of experience in IT Security, or Security Auditing is required.
• Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc.
• Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures.
• Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
• Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter.
• Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences.
• Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).
• Experience in PowerPoint, Word, Excel; experience with Visio and MS Project.
• Communication skills (interpersonal, verbal, presentation written, email). Experience to write report segments and to participate in presentations.
• Familiarity with security, workflow, and collaboration tools such as Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus.
• Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally.

Preferred Skills

• Creating and Maintaining NIST 800-53-rev5 based SSP and POAM.
• Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).

Benefits

• Health & Welfare Benefits: Comprehensive plans tailored to your needs, effective from day one.
• Retirement Savings: Robust programs to help you secure your financial future.
• Employee Discounts: Access to a wide range of discounts on merchandise, services, travel, and more.
• Career Growth Opportunities: Paths for advancement within a global organization.
• Paid Training: Learn while you earn with award-winning learning platforms.
• Paid Time Off: Competitive PTO packages to help you recharge.
• Great Work Environment: Join an award-winning culture that values diversity and inclusion.