Information Security Programs Administrator

Job Title: Information Security Programs Administrator

Corp Level : Associate I

Location: COE

Key responsibilities:

• Track the performance of security measures to protect information and network infrastructure and computer systems

• Responsible for the operations of the Third-Party Cyber Risk Management program.

• Conduct thorough risk assessments of third-party vendors and partners.

• Implement risk management strategies to mitigate potential threats.
• Monitor and review third-party compliance with security policies and standards.
• Collaborate with Revantage and Portfolio Companies IT and third parties on their remediation effort
• Collaborate with procurement and legal teams to ensure security requirements are included in contracts.

• Perform annual reviews of provider SOC reports and document the review for audit reviews

• Responsible for the operations of the Security Awareness Training program.

• Administer and maintain the KnowBe4 security awareness training platform.

• Develop and deliver engaging security awareness programs to educate employees on best practices.
• Track and report on training completion rates and effectiveness.

• Continuously update training materials to reflect the latest security threats and trends.

• Maintain policies and procedures for identity and access governance.

• Ensure proper access controls are in place and regularly reviewed.

• Maintain recertification processes and update/remove reviewers.
• Run IAM reports to clean up unused accounts.
• Run reports on stale groups and perform clean-up

• Represent security in annual external audits

• Maintain policies and procedures for SSPM and oversee related operations

• Conduct regular security posture assessments and implement necessary improvements.

• Sort and report on critical vulnerabilities, setting up reports and rules for notifications. Prioritize and assign vulnerabilities by categories to the infrastructure team.
• Identify and clean up dormant users.

• Run regular security posture reports

• Maintain policies and procedures for CSPM and oversee related operations

• Identify and mitigate risks in cloud environments through continuous monitoring and automated remediation.

• Prioritize and assign vulnerabilities by categories to the infrastructure team.

• Discover and integrate additional tools with CSPM tool for enhanced monitoring

• Maintain policies and procedures and administer the vulnerability management program. Assign vulnerabilities by categories to the infrastructure team to remediate

• Monitor DLP and Insider Threat Management systems and respond to alerts
• Monitor systems for irregular behavior and set up preventive measures.
• Maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
• Develop, maintain, and utilize scripts for various administrative and application purposes.
• Stay apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Apply learned knowledge across key business lines, including products, practices, and procedures.
• Respond to ServiceNow security tickets, troubleshoot, and resolve reported issues.
• Participate in the change control process.
• Participate in on-call duties during assigned periods.
• Perform other duties as assigned.

WHAT YOU BRING TO THE ROLE

Required:

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• Minimum 2 years experience in security and systems administration with Azure cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).
• Solid understanding and experience with administering Windows operating systems and Microsoft Azure cloud ecosystem, including administrative use of PowerShell.
• Knowledge of Microsoft Word, Excel, PowerPoint, and Power BI for creating reports & metrics dashboards
• Excellent verbal and written communication skills

Preferred:

• Preferred experience with Wiz, Adaptive Shield, Veza, Linux, Python, Microsoft  Defender, Microsoft Sentinel and other cloud ecosystems
• Security certifications such as CCSP, CISSP, Azure Security Engineer or similar  certifications