Senior IT Security Engineer Vendor Management

Experience is the key. REQUEST’s executive recruiters are established Associates, each with years of in-depth recruiting experience, many of whom have practical industry experience. They stay abreast of trends — which offer you extensive knowledge of what’s going on in the field.

Prestigious Fortune 500 Company is in need of a Senior Security Analyst to function as a Vendor Assessment Manager. Reporting to the Information Security Director-Security Vendor Management, the individual will act as a subject matter expert to successfully manage vendor security assessments. This individual will also act as a liaison to both the vendor and internal business teams on security controls design and management. Candidates will conduct and manage vendor security assessments and due-diligence reviews to assess vendor compliance to the security controls outlined in business agreements, security or corporate policies, procedures, and regulations along with ability to map security controls and requirements. Review vendor supplied policies and procedures, internal/external assessment reports, security technology information and agreements. The Candidate will provision assessment reports and executive summaries with recommendations and direction regarding remediation efforts and disposition of the third party. Communicate, escalate, and track vendor progress on assessment remediation activities. Understand information security risks that are inherent to a business and articulate those risks in business terms. Maintain current knowledge on information security topics and their applicable program requirements.

* Supports the assessment and management of security for one or more vendors across the enterprise. Provides insight on the deployment of security technology solutions at vendors, which may include technology for encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls. * Develops, implements, and ensures documentation of security standards, procedures, processes, guideline and policies, such as user authentication rules, security breach resolution procedures, security auditing procedures, and use of firewalls and encryption routines. Ensures requirements and deliverables are clearly defined. * Prepares status reports on security matters to analyze security risk and response of vendor security controls. Monitors and proactively recommends solutions for correcting issues related to security technology performance and capabilities of vendors. May track and monitor software viruses or vulnerabilities as identified at vendor locations. * Enforces security policies and procedures by monitoring security profiles. Reviews security violation reports and investigates possible security exception of vendors. Updates, maintains and documents security controls. * May be involved in the evaluation of products and/or procedures to enhance productivity and effectiveness. * Provides direct support to the business and IT staff for security-related issues, which may include off hour analysis of vendor security posture. * Acts as a subject matter expert on the implementation and capabilities of the existing security technology within the Company and at vendor sites. * Works collaboratively with areas of IT, IT security and vendors to ensure that all IT technology solutions are appropriately implemented and supported. * May guide and provide leadership to more junior analysts.

* Bachelor’s Degree and at least 5 years of experience in IT OR do you have a High School Diploma/GED and at least 7 years of experience in IT. * At least 2 years of experience in information security designing and implementing enterprise security solutions. * Experience with some aspects of information security and compliance, such as PCI, SOX, and HIPAA requirements for information systems and industry best practices such as ISO17799/27001, NIST (National Institute of Standards and Technology). * Experience with some networking and security technologies such as IPSEC (Internet Security Protocol), VPN (Virtual Private Network), routers, switches, firewalls, intrusion detection and prevention, data leakage, WAF (Web Application Firewall). * Experience in examining reports on security controls (SSAE-16, PCI-ROC, Application Security Assessments) * Experience communicating conceptual and technical information. * Experience translating technical data into business impact information. * Available for on-call coverage during evenings, weekends, and holidays. * At least 2 years of experience in information security designing, implementing or managing incident response technology such as Security Information and Event Management (SIEM), Intrusion Detection / Prevention Systems (IDS, IPS), Data Loss Prevention (DLP), Web Application Firewall (WAF), Malware analysis systems or conducting forensic investigations. * At least 2 year of experience with host and network security technologies such as routers, switches, firewalls, Operating System administration (such as Unix/Linux, Microsoft Windows, mobile operating systems). * Experience management multiple tasks/projects simultaneously and meeting established deadlines. * Experience communicating and translating conceptual and technical data into business impact information (such as intruder techniques, new vulnerabilities, attack vectors, exploits). * Experience with various protocols (SMTP, HTTPS, FTP, DNS, SSH, RDP, etc.) and programming/scripting or other methods of automation. * Tagged as: firewall, information security professional, security, siem, SOC, vendor assessment management, vendor management