As a member of the Enterprise Information Risk and Security Office (EIRS), this role has responsibilities supporting the execution and maintenance of core cyber security governance, risk and compliance processes. The Security Risk Consultant will be a part of the Risk Remediation Team focused on remediating security risks within Windstream. The primary responsibilities include use of analytical skills to determine security risks based on the results of internal vulnerability scans and external threat feeds to create and manage remediation activities. The ideal candidate will also assist with third-party risk assessment, policy maintenance, and security consulting on contracts. The Security Risk Consultant will support these processes directly and through consultation with other departments.
The primary focus is to provide proactive solutions to correct vulnerabilities through the mitigation of security risks. In this exciting role, you will work with business units, process owners, and cutting-edge technologies to assess, detect, and mitigate security risks. The ideal candidate for this position should have IT security experience, excellent networking skills, a strong understanding of information security risks and IT technologies, and a passion for the security discipline. The Security Risk Consultant will assist in vulnerability scanning and dynamic application system testing (DAST), execute on project initiatives, and participate in governance activities to ensure risks are appropriately identified and addressed.
SPECIFIC RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:
The individual should demonstrate effective communication skills, an understanding of information security, and will exercise judgment within existing practices and policies.
- Drive documentation and communication with key business and IT functions regarding security risks and deficiencies
- Experience working in a consultative role providing guidance and requirements to development, systems, network and infrastructure teams, while driving the enterprise risk and security strategy and policies
- Prepare and present remediation reports and recommendations to reduce information security risks to system owners and business units
- Requires an in-depth understanding of the application of security control frameworks (NIST CSF, ISO 27001) and compliance regulations (PCI-DSS, SOX, GDPR, HIPAA, CCPA)
- Assist application security risk or compliance remediation efforts and communication
- Maintain partnerships to facilitate participation in corrective action plans for identified issues
- Communicate and collaborate with multiple lines of business and information technology teams within Windstream to help provide effective solutions
- Engage in the initial requirements definition (including analysis of threats and risks and alignment with architecture standards)
- Assist with threat modeling and architecture risk analysis, including Project Management security requirements throughout the project lifecycle
- Participate in security awareness program development
- Populate, extrapolate, and maintain metrics and reporting data
- Identify enhancements to information security tools, standards, and processes
- Other duties as assigned
REQUIRED SKILLS AND EXPERIENCE:
- College degree in business, computer science, information systems, engineering, or a related discipline required or equivalent security certification
- 6+ years of experience with Information Security and Risk Management initiatives, teams, and programs or equivalent course work
- Knowledge of penetration testing principles, Red Team/Blue Team functions and application security practices
- Familiarity with industry standard application security, vulnerability scanning, and GRC tools
- Understanding of the information control areas including Authentication, Authorization, Access Control, auditing, and cryptography for applications
- Working knowledge of OWASP Guidelines (XSS, SQL Injection, etc.) for application security
- Understanding of network security technologies including firewalls, Intrusion Detection and Prevention Systems, Router ACLs, Content Filtering, etc.
PREFERRED SKILLS AND EXPERIENCE:
- Familiarity with penetration testing methodologies
- Knowledge of software development lifecycle processes, integration of security assessments in System Development Life Cycle (SDLC) process, and secure coding practices
- Network / System Administration experience / background
- Security Certifications (i.e. CISSP, CISA, CSSLP, CEH, DCSP, SSCP)
Job Requirements
Minimum Requirements: College degree in a Technical or related field and 5-7 years professional level experience with 2-3 years supervisory experience for roles with supervision; or 9 years professional level related Technical experience with 2-3 years supervisory experience for roles with supervision; or an equivalent combination of education and professional level related Technical experience required.
EEO Statement: Windstream is an equal opportunity employer. At Windstream, we celebrate the authenticity and uniqueness of our people and their ideas. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability and veteran status. The diverse voices of our employees fuel our innovation and our inclusive culture. Employment at Windstream is subject to post offer, pre-employment drug testing.