Listing Description
Build and maintain the cybersecurity control library composed of global and regional controls aligned against the NIST Cybersecurity Framework and utilizing NIST 800-53 controls as a basis.
Establish and maintain the associated test scripts and meta data for the controls as well as the control mapping to laws, regulations, and industry standards. Perform quality review of requests for test script changes to ensure proper rigor is consistently in place across all regions. Assist with conducting the annual inherent risk assessment for each region and globally that is mapped to the controls.
Facilitate the annual Control Owner attestation process.
Maintain the control self-testing procedures which address testing of control operating design and effectiveness. Identify Control Owners and Testers for each control, provide training, facilitate the self-testing process via a defined schedule, and track status of testing progress.
Provide first level quality assurance of the testing documentation, evidence, and other supporting material to confirm the test conclusion is properly supported. Confirm the self-test was completed in accordance with the procedure (e.g. the population was complete for each control and proper sample selection was used).
As assigned, provide support to regional CAP teams (e.g. Japan CAP) regarding CAP processes. This is inclusive of second level quality assurance for control tests that have been through the first level QA process in other regional CAP teams.
Provide QA results to stakeholders to obtain agreement. Present and discuss any portions of the test and associated documentation that were not executed correctly, accurately, or completely.
Collect remediation plans from Control Owners where control gaps have been identified, track progress of remediation, and determine when control is ready for re-test.
Assist with facilitation of a robust, annual maturity assessment of the Global Security program against the NIST Cybersecurity Framework, either via the oversight of an independent assessment conducted by a third party or via self-assessment in alignment with CAP's procedures.
Provide recommendations for control enhancements and identify testing automation opportunities.
Identify integration points into enterprise processes as well as with disciplines that are outside of the security department but have security related responsibilities, to provide a holistic view (i.e. Asset Management, Patch Management, Application Development, Architecture, Infrastructure, Third Party Risk Management, and Physical Security).
Education & Experience
Bachelor's Degree in Computer Science, business administration or a related field, and five to six years of information technology security experience, or an equivalent combination of education and experience.
Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP) preferred.
Listing Details
- Salary: $110000 - $130000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Associates Degree
- Travel: Travel 25
- Telework: Full Telecommute