GRC Information Security Business Partner

Job Description

GRC Information Security Business Partner

# Positions: 1

Location: Englewood, CO – in office

Visa Status: Any, as long as they can convert to full-time after 90 days

Length: 90-day CTH

Salary: 108k

Interview Process:

1. Sparkhire
2. 30-minute video interview with hiring manager
3. Assessments
4. Panel
5. References

Overview:

The Information Security Business Partner will function as a central Information Security subject matter expert supporting other teams. They will provide cyber security advice to business partners to effectively manage risk to the business and will validate that security and technology controls are implemented to support business and security requirements.

Responsibilities:

Primary responsibilities of the Information Security Business

Partner include the following:

• Partner with Business Units to identify, analyze and mitigate security risk associated with activities executed throughout the business.
• Provide security consultation for new and ongoing enterprise initiatives.
• Consult on defining security policies and best practices.
• Educate and build awareness of security requirements.
• Improve compliance with security standards and policies across enterprise teams.
• Participate in testing and monitoring of security and privacy controls.
• Lead security enhancement projects focused on new or changing technologies.
• Publish executive-level security reporting across governance, risk, and compliance activities.

Qualifications:

The successful candidate will possess the following qualifications:

Competencies:

• Project Management
• Self-led Learner
• Customer First Mentality
• Strong Adaptability
• Process Documentation Management
• Process Mapping Development
• Presentation Skills
• Multitasking
• General Risk Management Foundation
• General Information Security Foundation
• Communication w Executives
• Team Mentorship
• Can Interpret Regulations and Compliance Requirements
• Thought Leadership
• General Security Control Framework Foundation
• Cross-functional Team Leadership

Personality:

• Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
• Must have good meeting management and communication skills to keep conversations focused and productive.
• Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
• Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.

Skills:

• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
• Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
• High-level interpersonal skills.

Education and Experience:

• Bachelors Degree and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
• Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.

The following experience is strongly preferred:

• Implementation of various security tools.
• Network security configuration background (firewalls, WAFs).
• OWASP top 10 experience.
• NIST, FedRamp, CMMC, HiTrust, Scada experience.
• Identification and automation of processes.
• Program governance and management experience.
• CISSP Certificaion strong plus

Other Qualifications:

• Professional certification (CISA, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.