Information Security Programs Administrator

Job Title: Information Security Programs Administrator

Corp Level : Associate I

Location: COE

Key responsibilities:

- Track the performance of security measures to protect information and network infrastructure and computer systems
- Responsible for the operations of the Third-Party Cyber Risk Management program.

- Conduct thorough risk assessments of third-party vendors and partners.
- Implement risk management strategies to mitigate potential threats.
- Monitor and review third-party compliance with security policies and standards.
- Collaborate with Revantage and Portfolio Companies IT and third parties on their remediation effort
- Collaborate with procurement and legal teams to ensure security requirements are included in contracts.
- Perform annual reviews of provider SOC reports and document the review for audit reviews

- Responsible for the operations of the Security Awareness Training program.

- Administer and maintain the KnowBe4 security awareness training platform.
- Develop and deliver engaging security awareness programs to educate employees on best practices.
- Track and report on training completion rates and effectiveness.
- Continuously update training materials to reflect the latest security threats and trends.

- Maintain policies and procedures for identity and access governance.

- Ensure proper access controls are in place and regularly reviewed.
- Maintain recertification processes and update/remove reviewers.
- Run IAM reports to clean up unused accounts.
- Run reports on stale groups and perform clean-up
- Represent security in annual external audits

- Maintain policies and procedures for SSPM and oversee related operations

- Conduct regular security posture assessments and implement necessary improvements.
- Sort and report on critical vulnerabilities, setting up reports and rules for notifications. Prioritize and assign vulnerabilities by categories to the infrastructure team.
- Identify and clean up dormant users.
- Run regular security posture reports

- Maintain policies and procedures for CSPM and oversee related operations

- Identify and mitigate risks in cloud environments through continuous monitoring and automated remediation.
- Prioritize and assign vulnerabilities by categories to the infrastructure team.
- Discover and integrate additional tools with CSPM tool for enhanced monitoring

- Maintain policies and procedures and administer the vulnerability management program. Assign vulnerabilities by categories to the infrastructure team to remediate
- Monitor DLP and Insider Threat Management systems and respond to alerts
- Monitor systems for irregular behavior and set up preventive measures.
- Maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
- Develop, maintain, and utilize scripts for various administrative and application purposes.
- Stay apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Apply learned knowledge across key business lines, including products, practices, and procedures.
- Respond to ServiceNow security tickets, troubleshoot, and resolve reported issues.
- Participate in the change control process.
- Participate in on-call duties during assigned periods.
- Perform other duties as assigned.

WHAT YOU BRING TO THE ROLE

Required:

- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- Minimum 2 years experience in security and systems administration with Azure cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).
- Solid understanding and experience with administering Windows operating systems and Microsoft Azure cloud ecosystem, including administrative use of PowerShell.
- Knowledge of Microsoft Word, Excel, PowerPoint, and Power BI for creating reports & metrics dashboards
- Excellent verbal and written communication skills

Preferred:

- Preferred experience with Wiz, Adaptive Shield, Veza, Linux, Python, Microsoft Defender, Microsoft Sentinel and other cloud ecosystems
- Security certifications such as CCSP, CISSP, Azure Security Engineer or similar certifications