Information Security Programs Administrator

Job Title: Information Security Programs Administrator

Corp Level : Associate I

Location: COE

Key responsibilities:

• Track the performance of security measures to protect information and network infrastructure and computer systems 
• Responsible for the operations of the Third-Party Cyber Risk Management program.
  • Conduct thorough risk assessments of third-party vendors and partners.
  • Implement risk management strategies to mitigate potential threats.
  • Monitor and review third-party compliance with security policies and standards.
  • Collaborate with Revantage and Portfolio Companies IT and third parties on their remediation effort
  • Collaborate with procurement and legal teams to ensure security requirements are included in contracts.
  • Perform annual reviews of provider SOC reports and document the review for audit reviews
• Responsible for the operations of the Security Awareness Training program.
  • Administer and maintain the KnowBe4 security awareness training platform.
  • Develop and deliver engaging security awareness programs to educate employees on best practices.
  • Track and report on training completion rates and effectiveness.
  • Continuously update training materials to reflect the latest security threats and trends.
• Maintain policies and procedures for identity and access governance.
  • Ensure proper access controls are in place and regularly reviewed.
  • Maintain recertification processes and update/remove reviewers.
  • Run IAM reports to clean up unused accounts.
  • Run reports on stale groups and perform clean-up
  • Represent security in annual external audits
• Maintain policies and procedures for SSPM and oversee related operations
  • Conduct regular security posture assessments and implement necessary improvements.
  • Sort and report on critical vulnerabilities, setting up reports and rules for notifications. Prioritize and assign vulnerabilities by categories to the infrastructure team.
  • Identify and clean up dormant users.
  • Run regular security posture reports
• Maintain policies and procedures for CSPM and oversee related operations
  • Identify and mitigate risks in cloud environments through continuous monitoring and automated remediation.
  • Prioritize and assign vulnerabilities by categories to the infrastructure team.
  • Discover and integrate additional tools with CSPM tool for enhanced monitoring
• Maintain policies and procedures and administer the vulnerability management program. Assign vulnerabilities by categories to the infrastructure team to remediate
• Monitor DLP and Insider Threat Management systems and respond to alerts
• Monitor systems for irregular behavior and set up preventive measures. 
• Maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
• Develop, maintain, and utilize scripts for various administrative and application purposes. 
• Stay apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Apply learned knowledge across key business lines, including products, practices, and procedures.
• Respond to ServiceNow security tickets, troubleshoot, and resolve reported issues.
• Participate in the change control process.
• Participate in on-call duties during assigned periods.
• Perform other duties as assigned.

WHAT YOU BRING TO THE ROLE

Required: 

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• Minimum 2 years experience in security and systems administration with Azure cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).
• Solid understanding and experience with administering Windows operating systems and Microsoft Azure cloud ecosystem, including administrative use of PowerShell.
• Knowledge of Microsoft Word, Excel, PowerPoint, and Power BI for creating reports & metrics dashboards
• Excellent verbal and written communication skills

Preferred: 

• Preferred experience with Wiz, Adaptive Shield, Veza, Linux, Python, Microsoft  Defender, Microsoft Sentinel and other cloud ecosystems 
• Security certifications such as CCSP, CISSP, Azure Security Engineer or similar  certifications