Company: Shi International Corp.

Address: Somerset, NJ
Form of work: Full-time
Salary: $90,000 - $110,000 a year
Category: Information Technology

Job description

Job Summary:
The Lead Security Controls Assessor conducts comprehensive assessments of the organization’s Security Controls within the information technology system to determine the overall effectiveness of the controls. The candidate chosen will be a key member of our IT Compliance Team within Information Security.

As the Lead Security Controls Assessor, you will work closely with the Information Security and IT departments to assess and validate the organization's Security Controls and compliance with applicable standards. This role will provide advisory support and recommendations on how to remediate potential gaps and issues to meet compliance objectives and security standards.

This position will report to the Sr. Manager of IT Compliance and will be performed from SHI's office location in Somerset, NJ or Austin, TX.
About Us:

Since 1989, SHI International Corp. has helped organizations change the world through technology. We’ve grown every year since, and today we’re proud to be a $14 billion global provider of IT solutions and services.

Over 17,000 organizations worldwide rely on SHI’s concierge approach to help them solve what’s next. But the heartbeat of SHI is our employees – all 6,000 of them. If you join our team, you’ll enjoy:

  • Our commitment to diversity, as the largest minority- and woman-owned enterprise in the U.S.
  • Continuous professional growth and leadership opportunities.
  • Health, wellness, and financial benefits to offer peace of mind to you and your family.
  • World-class facilities and the technology you need to thrive – in our offices or yours.
Responsibilities:
  • Manage Security Controls assessments including kickoff, submission of deliverables, final report, and executive briefing;
  • Conduct controls assessments of existing security measures and identify areas for improvement;
  • Lead assessment interviews, testing, and coordinate evidence requests;
  • Conduct audits to ensure that Security Controls are implemented correctly and operating effectively;
  • Establish policies and procedures based on industry standards and compliance objectives;
  • Perform security risk assessments of new technologies and third-party vendors to determine potential impact on security;
  • Monitor and evaluate a system's compliance with security, resilience, and dependability requirements;
  • Perform security reviews and identify security gaps in architecture resulting in recommendations for inclusion in the risk management strategy;
  • Perform security risk analysis whenever an application or system undergoes a major change;
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks;
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations;
  • Produce quality deliverables in a timely fashion;
  • Prepare metrics and reports for management on the status of IT Compliance objectives;
  • Produce documentation and diagrams as needed;
  • Represent the Information Security Team by participating directly in projects and providing guidance, requirements, and documentation for security-related purposes when requested;
  • Evaluate, document and maintain standards, processes and procedures relative to security and privacy;
  • Provide insightful recommendations to improve security posture.
Qualifications:
  • 5 years' experience in cybersecurity
  • Minimum 3 years' experience in a Security Controls Assessor position
  • Bachelor’s degree in information technology or equivalent experience
  • Security certification such as CISA, CISM, and CISSP.
  • Experience with security and privacy standards (PCI, ISO27001, SOC2, NIST, GDPR, CCPA, etc.)
Required Skills:
  • Able to meet deadlines and manage multiple projects
  • Able to build and foster strong working relationships
  • Able to present information on technical subjects in an understandable manner in both oral and written form
  • Able to take ownership of a project through the life cycle
  • Able to work independently, self-motivated
  • Proficient computer skills required, experience using Microsoft applications (Word, Excel, PowerPoint, Visio and Outlook)
  • Experience with ServiceNow or other GRC application a plus
  • Excellent communication and organizational skills
Certifications Required:
  • Security certification such as CISA, CISM, and CISSP.
Additional Information:
  • The estimated annual pay range for this position is $90,000 - $110,000. The compensation for this position is dependent on job-related knowledge, skills, experience, and market location and, therefore, will vary from individual to individual. Benefits may include, but are not limited to, medical, vision, dental, 401K, and flexible spending.
  • Equal Employment Opportunity – M/F/Disability/Protected Veteran Status

Benefits

Health insurance, Dental insurance, 401(k), Vision insurance
Refer code: 8152367. Shi International Corp. - The previous day - 2024-02-07 16:37
