Job Information
TORAY COMPOSITES AMERICA INC IT Security & Compliance Coordinator in Tacoma, Washington
Description Summary

Oversee the execution of our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DoD) and customer contractual requirements. This position interacts with both technology and business leaders across the organization. Assess information technology risk, policies, and system settings to verify that controls are effective, or are remediated to become effective. Lead alert investigations and incident response efforts. Report confirmed incidents to leadership and compliance organizations.

Duties and Responsibilities

* Perform annual IT security audits and self-assessments against DFARS requirements.
* Manage the company's POA&M (Plan of Action and Milestones) and run projects to close the identified gaps.
* Submit answers to customer cybersecurity questionnaires.
* Manage, edit and update IT policies and procedures and ensure compliance company-wide.
* Confirm the current configuration of IT security systems, document inconsistencies with policy, then lead remediation efforts.
* Ensure that the organization complies with external regulations and internal policies.
* Manage the IT alerting system and develop mitigation standards based on alert type. Train other IT staff members on the process.
* Conduct regular audits and risk assessments, following up with mitigation plans.
* Stay up to date on required compliance programs and their changing rules.
* Manage and update the cybersecurity plan in order to identify needs and implement comprehensive security controls using multi-layered security and defense in depth.
* Collaborate with all operations teams to ensure security controls and configurations are implemented and incorporated into their ongoing operations.
* Ensure system security through vulnerability management, system patching and secure configuration policies.
* Confirm implemented network security through segmentation, firewall zoning and ACL policies, as well as secure configurations of firewalls, routers, switches, VPNs and load balancers.
* Set corporate policies for endpoint security management to prevent malware and insider threats.
* Monitor the SIEM, IPS, event logs and reports for indicators of attack and indicators of compromise.
* Keep security plans and documentation updated, such as the disaster recovery plans and security policies; create internal operating procedures that support and enforce those policies in order to ensure the availability, integrity and confidentiality of assets and data.
* Lead tabletop exercises that simulate disasters, breaches, etc.
* Contribute to IT status reports and presentations.
* Oversee, develop and provide compliance training to the workforce. Educate and coach internal technology teams on technology risk, audit and control principles.

Skills and Specifications

* Project management and team leadership
* Knowledge of relevant laws, regulations and standards
* Strong analytical and problem-solving skills
* Exceptional communication and presentation skills with diverse audiences
* Experience with security solutions (e.g. firewall, VPN, SIEM, IPS, URL filtering, endpoint protection, MFA, NAC)
* Experience with threat hunting using major IT security products
* Strong understanding of NIST risk assessment and incident response standards
* Strong understanding of Microsoft Active Directory, GPOs, and Windows DACLs/SACLs
* Ability to perform and analyze packet captures
* Knowledge of hacking techniques, vulnerability disclosures and security analysis techniques
* The ability to present and explain security and risk information in terms business executives can understand
* Experience with incident tracking, change management and project tracking systems such as ServiceNow
* Ability to identify risks associated with business processes, operations, information security programs and technology projects
* Abi