* Bachelor’s Degree in Computer Science or Engineering, Management Information Systems, or a related technical field.
* 5-7 years of combined experience in security risk and compliance management, assessment, auditing, research and/or consulting.
* Active Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or equivalent industry certifications.
* Proficiency and experience in performing security risk and compliance assessments in fast-paced, global business and technology environments.
* Experience in researching, authoring or supporting development of information security policies and standards.
* Experience with vulnerability management.
* Experience using or implementing an eGRC platform (LockPath Keylight) is highly desirable.
* Experience developing security and risk performance metrics and reporting dashboards for executive, business and technical audiences.
* Good understanding of ISO 27000 and SANS 20 security standards as well as other information security management or compliance frameworks.
* Basic understanding of U.S. and global regulatory compliance drivers and requirements relevant to information security and data protection, such as U.S. State statutes, FERPA, and the EU Data Protection Directive.
* Basic understanding of network, system, application and data protection standards, benchmarks, processes, applications, tools, and techniques.
* Basic understanding of enterprise, network, system/endpoint, application and data protection issues and security risks.
* 1+ years of experience performing security risk assessments of cloud-based applications and services.
* Basic understanding of cryptographic controls and the application and use of encryption to safeguard network traffic, system and application data.
* Solid verbal, presentation and written communication skills.
* Team player; demonstrated ability to develop positive relationships and effectively communicate with management, product managers and architects, software and systems engineers, quality assurance and IT operations staff.