It Cybersecurity Engineer

Title:  IT Cybersecurity Engineer

Location:  Des Moines, IA or Sioux Falls, SD

Job Summary:

Responsible for providing technical leadership in needs identification, requirements development, and implementation, management, and monitoring of cybersecurity and identity and access management (IAM) processes and technologies. Provide expertise in the conduct of risk management and risk assessment. Coordinate technical resources for response and remediation of security incidents and vulnerabilities. Enable the Company to effectively identify important data and operations, manage protection technologies, respond to security events and incidents, and support recovery operations. Coach and mentor junior staff members and serve as trusted advisor to management on threats and appropriate mitigations and compensating controls. Work and communicate with various stakeholders throughout the enterprise.

Essential Functions:

• Function as department Subject Matter Expert (SME) in two or more areas of cybersecurity (incident response, security operations, vulnerability management, application security, systems security, network security, etc.).
• Identifies need, supports justification for, develops requirements, and implements, and manages cybersecurity and IAM tools, technologies, and processes.
• Lead the Information Security Incident Management process, including independently analyzing and responding to all potential and actual information security incidents. Independently coordinate resolution of security incidents and events.
• Monitor the IT environment to identify potential and actual security breaches; responds to security breaches in an urgent matter by notifying the appropriate individuals and taking the necessary action.
• Serve as a mentor to junior staff and a trusted advisor to management and leadership.
• Partner with other IT and company team members to effectively resolve information security incidents.
• Advise other IT stakeholders on appropriate security best practices.
• Support risk management and risk assessment processes.
• Utilize variety of tools and processes to gain complete understanding of the Company environment.
• Continuously monitor industry threats and trends, and apply the knowledge to IT Security and Risk Management functions.
• Report risks, vulnerabilities, threats, incidents and other security related information to management for decision.
• Report metrics to management.
• Participate in knowledge sharing with other IT Security and Risk Management team members.
• Commitment to embrace Sammons Financial Group Companies shared values (Accountability, Connection, Openness, Respect and Integrity).
• As stated within the Company Attendance and Punctuality policy, regular attendance is required and expected in order to meet the business service levels and workflow demands.

Qualifications:

• Bachelor's Degree in a technology field preferred
• Minimum 10 years' experience in cybersecurity preferred
• Experience applying cybersecurity and risk management methodologies in a complex and dynamic environment preferred
• Experience identifying requirements, selecting vendors, and implementing and managing endpoint protection, vulnerability management, security and event monitoring (SIEM), IAM, and other cybersecurity tools preferred
• Experience effectively communicating and presenting security design and policy requirements with technical and non-technical personnel preferred
• Experience creating in-depth design documentation to ensure regulatory compliance and business continuity preferred
• Experience leading cybersecurity project and training initiatives preferred
• Experience evaluating organizational security in accordance with compliance standards and developing a roadmap to enhance maturity preferred
• Broad and deep knowledge of Information Security concepts and how these concepts apply to the business
• Strong knowledge of IT, information security, and information risk management domain areas such as Information Systems Security, Systems Development Lifecycle Methodology, Testing Methodologies, Back-up and Recovery, Risk Management, Risk Assessment, Data Retention and Recovery, Business Continuity, Disaster Recovery, Leadership and Communication, and Security Awareness
• Expertise in one or more areas of IT to include systems administration, networking, or application development
• Deep knowledge of information security tools
• Demonstrated ability to act independently within the context of corporate and divisional goals, using tact and good judgment
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Excellent written, oral, and interpersonal communication skills
• Ability to lead technical cybersecurity initiatives and provide in depth analysis and expertise in conducting detection, response, and triage
• Criminal background check required.

Licenses and Certifications:

• CASP preferred
• CISSP preferred
• CISM preferred

At this time, we’re not considering candidates that need any type of immigration sponsorship now or in the future or those needing work authorization for this role (This includes, but is not limited to students on F1-OPT, F1-CPT, J-1, etc.)