Infocenter Security Practice is seeking a Security Operations (SecOps) Practice Leader to work with clients and assigned consultants on the Rapid Digital Transformation of client security incident response, threat intelligence, and vulnerability response, using the ServiceNow Platform. Seeking an innovative and motivated leader who under general direction uses extensive knowledge and skills obtained through knowledge, experience and education to perform the necessary assessment, analysis and consulting tasks related to specific regulations, industry standards and/or a client’s unique requirements.
Infocenter Security Practice aspires to be a strategic partner in helping our ServiceNow clients better serve their customers and citizens. We work to transform their IT challenges, collaborating to make technology work for them, anytime and anywhere. With a dedication to quality and innovation, we deliver implementation, integration, applications development and managed services on the ServiceNow platform.
- Transform IT and business security operation programs based on clients’ business structures, strategies, and priorities using our Rapid Digital Transformation.
- Advise, develop, and implement processes around all security operations, assessment, and remediation, including issues management, exception management, cybersecurity management, policy management, threat intelligence management, and security incident and vulnerability response.
- Help clients manage the risk of enterprise systems, applications and data through policies and controls, risk assessments, audits, and issues and exception management.
- Advise clients on building robust risk management and security programs, identifying and mitigating risks, establishing security policies and practices, implementing security controls, and educating stakeholders.
- Drive high-profile and high-impact projects involving complex SecOps challenges.
- Perform gap assessments between security and risk leading practice frameworks and clients’ risk and control frameworks, and advise on remediating gaps.
- Create budgets, staffing requirements, and privacy and security direction for long-term strategies.
- Advise on and assist clients to implement the ServiceNow SecOps platform and modules.
- Collaborate and lead meetings with diverse high-level stakeholders, including C-suite, IT operations, system architects, security professionals, and business leads.
- Develop training materials and other communications to increase employee understanding and awareness of security issues.
- Translate business requirements into technical requirements.
- Communicate SecOps technology capabilities into business terms for executive stakeholders.
- Perform other duties as assigned to ensure the smooth functioning of the Security Practice and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of SecOps practices.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Interacts in both oral and written communications with all levels of System staff including; Computer center staff, developers and other IT staff, campus technical staff, general counsel, auditors, and all System staff and students and technology vendors and contractors, in matters related to information security and security awareness materials.
- Work with Internal Audit, State Board of Regents, Auditor General’s Office and outside consultants as appropriate on required security assessments and audits
- Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Ability to develop security standards and guidelines based on best practices and industry standards
- Experience responding to, analyzing, and communicating information security incidents
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Bachelor’s degree in information technology or related field
- Knowledge of information security risk management frameworks and compliance practices including ServiceNow SecOps (security incident response, threat intelligence, and vulnerability response), and frameworks such NIST Cybersecurity Framework, ISO 27001, ISO 31000, NIST 800-53, NIST 800-30, and/or PCI DSS, HIPAA, and other applicable standards, guidelines and best practices.
- Knowledge of securing network technologies, client, and server operating systems.
- Information security, compliance management, risk management and audit management experience.
- Information security related training or certifications such as CISSP or CRISC or CISO is beneficial.
- Experience performing and documenting information security audits or risk assessments.
- Familiarity with security auditing processes.
- Familiarity with dashboard creation
- Management consulting experience.
- Agile software delivery methodology experience.