Location: HYBRID, 601 S Belvidere St, Richmond, VA 23220
Job Overview:
The Information Security and Privacy Specialist will play a critical role in ensuring the organization's information security controls are effectively implemented and maintained. This position will involve working with stakeholders across various business areas, as well as with external vendors, to ensure the highest level of security compliance is achieved. The role includes participating in Information Security and Privacy initiatives, maintaining security documentation, assisting in project management, and contributing to the development and implementation of security standards.
Key Responsibilities:
- Lead and contribute to Information Security and Privacy efforts across all business units and vendor engagements, ensuring the application and adherence to appropriate security controls.
- Utilize a Governance Risk and Compliance (GRC) system to manage and update security-related information, records, and documentation.
- Collaborate with business stakeholders to develop and maintain Information System Security Plans (SSP).
- Represent the Information Security Office (ISO) in PMO-led projects, ensuring appropriate ISO representation in significant business initiatives.
- Work cross-functionally with various teams and users to identify business challenges, propose security solutions, facilitate compliance, and communicate security-related updates clearly and effectively.
- Support the development and ongoing maintenance of information security standards and processes, including conducting research from reputable sources.
- Assist in creating controls documentation, including system diagrams, risk assessments, and control narrative drafts for business approval.
- Review vendor contracts, agreements, and documentation to ensure they include adequate information security protections.
Required Qualifications:
- A minimum of 3 years of demonstrated experience in Information Security governance, risk, and compliance.
- Strong knowledge of information security principles and practices.
- Extensive understanding of IT infrastructure planning, implementation, and management with an emphasis on security.
- Ability to manage workload independently, prioritize tasks, and meet deadlines with minimal supervision.
- Familiarity or experience with security frameworks such as NIST, ISO 27001, COBIT, etc.
- Superior organizational skills and keen attention to detail.
- Ability to adapt to ambiguous situations and re-prioritize tasks as necessary.
- Experience drafting and updating Information Security and Privacy policies, standards, and procedures.
- Ability to interpret and analyze security documentation, including flow diagrams and process maps.
- Understanding of contract terms and conditions, particularly regarding security protections.
- Proficiency in creating diagrams, flowcharts, and spreadsheets using desktop software.
- Strong written communication skills, with the ability to write clearly and concisely for various audiences.
Preferred Qualifications:
- Bachelor's degree in Computer Science, Information Systems, or a related field.
- Relevant certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
- Experience in the financial services industry.
- Knowledge of controls related to cloud security and application security.
- Understanding of regulatory compliance requirements, including GLBA and PCI, and of privacy regulations such as GDPR, CCPA, and VCDPA.