Vice President, Security and Compliance

The VP, Security and Compliance is primarily responsible for security engineering and operational activities related to security controls, policies, and processes within 304Basics Information Technology program. This position will also provide policy and security control recommendations for an improved security posture and guidance on a wide range and variety of complex IT and cybersecurity issues.

RESPONSIBILITIES

• Assess security violations and vulnerability reports for cloud implementations.
• Perform root-cause and trend analysis and provide recommendations for security control improvements.
• Implement security objectives in a consistent, repeatable and automated way across multiple cloud environments with an emphasis on Azure and AWS.
• Find opportunities to improve security and assist in defining the strategies for strengthening our security posture, including but not limited to Identity and Access Management, Key Management, Vulnerability Management, and Data Encryption for cloud solutions.
• Work closely with other groups to elevate our posture in cloud services through improved security methodologies and industry best practices.
• Document security policies, controls and processes, and develop runbooks, and how-to guides for operational readiness of engineered solutions.
• Produce actionable threat analysis and remediation strategies in written and presentation form.
• Execute internal and external network attack and penetration tests and application penetration testing, and vulnerability assessments. Provide recommendations for prioritization based upon existing controls.
• Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.

REQUIRED SKILLS

• Build out procedures for new IAM use cases.
• Azure Cloud Identities, Groups, Roles, Azure Custom Roles, Azure Resource Roles
• Expertise with Azure Security
• Azure JIT/PIM configurations
• Experience Active Directory Roles, SQL MI, AAD integrations with SQL MI
• Experience Agile framework - sprint, cadenced meetings, JIRA
• Required - Experience Terraform, ARM and bicept scripting
• Azure Service Principals / Managed Identities
• Ability to script/automated Azure Operational processes.

SKILLS & CERTIFICATIONS

• Healthcare experience with HIPAA, PHI, PII, HITRUST, etc.
• Information Security Certifications preferred (ie, CISSP, CISA, CISM, ISO 27001, COBIT, CRISC, CCSP, AWS Certified Security Specialist, Azure Security Engineer Associate).
• Experience supporting Azure Cloud Network Security Software, to include Firewalls, Intrusion Detection, SIEM (Microsoft Sentinel), Secure Web/Email Gateways, WAF, Anti-Virus and Vulnerability Assessments.
• Public cloud experience specifically in MS Azure, M365
• Experience with scripting languages such as Kusto Query Language (KQL), Powershell, Python, Ruby, Perl, or VB, is required.
• Experience with cloud security configuration management using published baselines and monitoring tools.
• Experience managing Microsoft 365 Defender, Defender for Cloud and Defender for Endpoint.
• Experience maintaining policies, procedures, standards and guidelines.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, National Institute of Standards and Technologies (NIST), Payment Card Industry Data Security Standards (PCI DSS) and Proficiency in performing risk, business impact, control and vulnerability assessments.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Experience with penetration tools, post exploitations & forensics tools, and practical knowledge in modern offensive tactics.
• Strong Information Security related experience in the implementation of security capabilities (IAM, PKI/KMS, Data security, Vulnerability Management).
• Experience in application technology security testing (white box, black box and code review).
• Develops, implements, and performs ongoing information security risk assessments, providing recommended methods for vulnerability detection and remediation.
• Serves as an internal audit resource for Information Security
• Reviews all system-related security plans throughout the organization's
• Maintains active networking, research, and industry liaison to identify information security best practices, equipment, and device updates, existing and emerging IS
• Advises the organization regarding current information security technologies and related regulatory issues.
• Evaluates Security Vendors as well as vendors, from a security

What we offer our team members:

• A great benefits package that includes (but is not limited to) Medical/ Dental/ Vision, 401(k) plan with matching, Healthcare Savings Accounts
• Ongoing training throughout your employment with opportunities to participate in professional and personal development programs
• Great culture and opportunities for growth and advancement.

Job Type: Full-time

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

Schedule:

• 8 hour shift
• Day shift
• Monday to Friday

Supplemental pay types:

• Bonus pay

Ability to commute/relocate:

• Melville, NY 11747: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

• Are you based in NY?
• Can you commute to the Melville, NY office every day?

Experience:

• Cybersecurity: 3 years (Preferred)

Work Location: One location

Please Note :
bankofmontserrat.ms is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, bankofmontserrat.ms provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, Site.com is the ideal place to find your next job.