You will be working closely with systems and network engineering, enterprise applications, and software development in designing solutions, performing security reviews, developing strategy, and driving security projects to reduce the risk to Amherst's corporate infrastructure. This is a technical role with the expectation that you are fluent in security tools, system security, secure application design principles, cloud security, compliance, and incident response. You'll be encouraged to keep your skills up to date by attending at least one major training course annually (SANS, etc.), one major security conference (Black Hat, DEF CON, etc.), and other events.
- Plan, develop, organize, write, and edit cybersecurity policy statements, technical standards, training manuals, and control/operational procedures;
- Evaluate and analyze due diligence documentation, audit results, regulatory findings, and other information to assess the effectiveness of controls and protocols to meet regulatory requirements and assess the ability to manage and mitigate the inherent risk associated with the use of the services or products;
- Respond to incoming requests from external and internal parties for information concerning Amherst’s information security practices;
- Assist in the review of vendor IT security programs and controls;
- Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties while triaging events of interest;
- Work with Enterprise IT and Developers to reduce security risks of internally developed or managed services;
- Provide cybersecurity awareness and other training to end users and system owners as needed; and
- Help plan the future of the security program by assisting in the adoption and alignment with industry best practice security standards (CIS, NIST, etc.).
- Understanding of legal, regulatory, and industry standards and best practices related to the security, confidentiality, privacy, and integrity of client/customer confidential data - primarily within the financial industry
- Demonstrated strong problem-solving and decision-making skills
- Excited about emerging technology and developing industry trends
- Comfortable in fast-paced and dynamic environments
- Up-to-date on security trends
Education and Experience:
- BS/BA degree in a technical field such as Computer Science (or equivalent years of experience);
- Minimum 4 years' experience working in an enterprise environment;
- Strong knowledge of NIST (800-53, CSF) and other information security frameworks;
- Familiarity with AWS Security controls and deployment;
- Knowledge and experience with Identity and Access Management technologies;
- Experience with Cloud-based platforms (Amazon Web Services, Microsoft Azure, Google Cloud Platform) and technologies;
- Preferred ISACA certifications including CISM (Certified Information Security Manager) and CRISC (Certified in Risk and Information Systems Control); SSCP (Systems Security Certified Professionals), CompTIA Security+, and/or Certified Business Continuity Professional; and
- Familiarity with Splunk is a plus.