Information Security Framework Specialist
ProductFull TimeSydney, NS
Information Security Framework Specialist
We’re currently searching for an experienced and driven individual to join our team in the role of Information Security Framework Specialist. The successful candidate will work either remotely in locations throughout the Atlantic and East Coast time zones or from our HQ located in Cape Breton, Nova Scotia.
In this role, you will report to our Senior Director of Product and work with the product team to enhance the security policies that are generated by our automated system. You will focus on gap analysis and mapping of information security frameworks to existing documentation. Additionally, you will write policies based on responses to questions about a company's technology, culture, organizational structure, objectives, target market, and required regulatory and privacy considerations.
We ask that interested candidates upload their resumes in PDF format.
Responsibilities include but are not limited to:
- Translating complex security framework requirements into simple and readable policies, tasks and control activities.
- Analyzing existing policy content for gaps against various information security frameworks and standards
- Working with the Senior Director of Product in the research, scoping, planning and execution of product plans to incorporate new frameworks and regulations into existing content across the application.
- Keeping on top of changes to existing frameworks and standards, applying changes and continuous improvement into application content.
- Writing policy content.
- Writing additional helpful content to assist customers in the implementation and maintenance of policy.
- Writing and organizing the content in a product that helps people secure trust in their customers.
- Writing discovery questions and some select responses.
- Training an application to deliver content based on user responses to discovery questions.
Additional responsibilities may include:
- Interacting with customers to discover/define security requirements and solve real-world problems.
- Taking on additional responsibilities as the company scales and being challenged by the Senior Director of Product as deemed appropriate for your development in your role.
- Building and managing relationships with consultant and auditor partners to improve content quality and accuracy.
- Taking on responsibilities such as project management and service delivery management of advisory services, penetration testing and other professional services.
Experience or familiarity with several information security frameworks and standards such as ISO 27001, NIST CSF, NIST 800-171, SOC2, and more.
Core skills and experience:
- Ability to interpret and apply theory into practice.
- Outstanding written communication skills.
- Written and oral fluency in English is paramount.
- Bilingual or multilingual written and oral fluency is an asset.
- 1-3 years minimum working in information security is a must.
- A strong understanding of information security is a must.
- Strongly recommend having experience writing security policies.
- Relevant certifications include: ISO Implementor/auditor, CISSP, CISA, etc.
- Experience with SOC2 type I or type II a bonus.
- Experience as an ISO 27001 auditor or implementer is a bonus.
- Willingness to seek opportunities to improve the application, the content and the company in the form of receiving opportunities for paid (employer-paid) training, certifications and professional development.
- Display clear motivation about collaborating and communicating closely with other teams and stakeholders.
- Be willing to collaborate and assist teammates, share knowledge and experience with them, and learn from their knowledge and experience.
- Be open to receiving feedback and constructive criticism.
- Be prepared to give feedback and constructive criticism.
- Be a continuous learner and pursue self-improvement opportunities.
- Stay motivated about and remain current on industry trends and research in application, cybersecurity and information security.
More About Securicy:
High-growth companies use the Securicy platform to implement information security practices that win business.
It is becoming increasingly difficult for organizations to function in today’s technological world without having proper plans for data security. Enterprise organizations lead this charge, as they will not work with vendors who can’t prove their data to be secure. Startups and growing companies are losing major deals to inaccurate or insufficient answers to confusing security questionnaires. Plus, the cyber-attack and data breach risks they leave themselves vulnerable to.
Our web-based software enables organizations to efficiently implement, maintain and demonstrate a strong information security program. Securicy's software has navigated companies through the complex security requirements of major players like Microsoft, Netflix, National Bank, Target and more.