Lead IT Security Engineer / Manager
Chicago, IL, United States
This is a direct to permanent employment role at one of our clients in Downtown Chicago. Reporting directly to the CISO
People interested in these titles should apply:
Lead IT Security Strategist
Lead IT Security Engineer
Senior IT Security Engineer- Team Lead
IT Security Manager
Location: on Wabash avenue in Chicago. A beautiful location next to the river. 3 days a week onsite. flexible days
Estimated Salary: $150,000-$160,000 + 9% bonus (negotiable)
Overview:
This role will serve as the primary backup for CISO. This individual will be groomed for movement into a CISO role at some point.
This role will provide subject matter expertise on the research, design, implementation, and operation of technical and process security controls. Develops strong relationships across the IT department and with business unit teams; serves as a trusted advisor to assess security risk in technology selection with an appropriate balance that supports business outcomes. Responsibilities include data security, collaboration with the security operations team, and maintaining the broad suite of information security infrastructure, and all associated contracting, policy, and regulatory compliance implications. Keeping abreast of current threat activities and trends through active participation within governmental and industry-leading organizations to research, prepare, and maintain strategic roadmaps incorporated into the Information Security Program. Lead or assist with security incidents and compliance investigations and produce timely and clear reporting to both technical and senior business leader audiences.
This is not day to day security ticket management.
Essential Functions/Responsibilities:
System/Network/Application Security 40%
Research, design, evaluate, and test the security of applications, systems, and networks to ensure the operational effectiveness of technical controls implemented by the organization; purpose-built security tools such as data loss prevention, logging and event management, enterprise encryption systems and also security controls embedded in enterprise systems and applications such as authentication and access controls
Responsible for the effective use of cybersecurity systems including enhancements, upgrades, and lifecycle management through relationships with product and service vendors
Ensure the technical integration of security components within the company to optimize the value and control benefits including ease of use, effectiveness, and breadth of coverage
Technology Risk Management 25%
Assess technical risks in the company both pre and post-production through the Software Development Lifecycle (SDLC) and Change & Release Management Boards; communicate identified risks and recommend solutions
Manage the research, appropriate response, and remediation of malicious and inappropriate activity; ensure consistency of the risk assessment approach across the organization
Support policy updates; research and recommend changes to maintain strong security posture relative to enterprise architecture standards, cloud strategy, and AI implementations
Service Delivery 25%
Manage continuous process improvement to identify technical or process enhancements in the delivery of IT Security services to increase service quality
Prioritize improvements on a cost/benefit basis, communicating opportunities to management.
Serve as backup and/or escalation point in the fulfillment of IT Security service requests
Project Management 10%
Manage IT Security-led projects following applicable project governance processes, including Software Development Life Cycle; ensure successful project outcomes, such as completing projects within time and budget tolerances
Support new software, data, and service provider product and contract reviews
Candidate Profile:
Minimum 10+ years engineering/design experience with a mix of the following security platforms is required: network and application-layer firewalls and secure network design; infrastructure and application-layer vulnerability management, security information and event management (SIEM); Security, Orchestration, Automation and Response (SOAR), data loss prevention (DLP); enterprise encryption solutions for database, file systems and data in motion; Internet/Web Gateway; end point security controls (such as anti-virus, anti-malware XDR, host-based firewall, and full disk encryption solutions); and intrusion detection and prevention systems. Knowledge of Attack and Penetration methodologies, tools, and techniques
Minimum 5 years conducting infrastructure and application project design reviews Engineering/design experience with a mix of infrastructure technologies
Working knowledge of security scanning and analyzing tools; Commercial Application and Infrastructure/Operating System and Opensource Vulnerability scanning/management, etc.
Security within a Microsoft environment is required
Palo Alto experience is highly preferred but not required.
Polished verbal and written communication, interpersonal, analytical, and organizational skills, attention to detail, and a high level of integrity are required
Strong business acumen. Ability to understand the organization's various business functions and their objectives
Professional IT Security and IT Audit certifications such as CISSP, CISM, CEH, CISA, and/or technical certifications preferred
Experience with IT security standards, such as CIS Top 20, ISO 27001, NIST CSF, NIST 800-53, HITRUST, MITRE, OWASP, CWE/SANS Top 25 Programming Errors, and attestation reports such as SOC 1/2/3 and technology risk management methodologies, such as NIST 800-30 preferred.
#J-18808-Ljbffr