Information Security Specialist
Title: Information Security Specialist
Location: Stamford, CT
Type: Contract 6 months with poss/ extension
- 3-6 years of experience in cyber security/ info security programs
- Experience with implementing data privacy policies/ procedures, GDPR or NIST security frameworks
Our client is a giant media company seeking an Information Security Specialist to support the company’s data security and privacy initiatives, including new privacy regulations associated with the General Data Protection Regulation (GDPR).
The Information Security Specialist will work in collaboration with the Information Security division and the GDPR project team to implement controls, policies and standards to further mature overall data security program. In addition, the role of the Information Security Specialist will be responsible for supporting the development of data privacy policies and practices required to meet GDPR compliance.
The successful candidate will have experience and knowledge in Information Security and concepts relating to data management, data security, user access provisioning, application security, system management and security operations (SecOps).
- Work with the Information Security department, Legal department and the GDPR program team in the development of security and data privacy policies and practices.
- Support GDPR compliance initiative, including short and long term goals.
- Partner with internal departments to implement privacy and security by design, including assisting in identifying and documenting gaps and risks associated with data compliance.
- Evaluate established data security controls for effectiveness and efficiency.
- Work with internal IT support teams in developing incident response procedures.
- Work with internal IT support teams for improving overall logical access controls and Principle of Least Privilege (PoLP).
- Work with internal IT support teams in evaluating application security, data encryption methods and technologies.
- Work with internal IT support teams in evaluating data security in relationship to private and public cloud platforms.
- Assist the internal IT support teams in developing and documenting the security hardening of the Microsoft Windows 10 image and deployment to key business units.
- Work with the designated Technical Writer in documenting current data security and privacy programs.
- Participate in and support a Privacy Impact Assessment (PIA).
- Work with and support the GDPR Program Manager in the completion of a Data Protection Impact Assessment (DPIA).
- Assist and support the GDPR Program Manager in day-to-day activities relating to established data privacy and compliance projects.
- Four year degree in computer science or related combined work/education experience.
- Three to five years of experience in cyber security/information security.
- Experience in data compliance programs a plus.
- Familiarity with European Data Privacy requirements (e.g. GDPR) a plus.
- Certified Information Systems Security Professional (CISSP) a plus.
- Experience in the implementation of CIS Controls in a practical and systematic manner.
- Knowledge in Microsoft Windows Server file permissions and Active Directory Services (ADS).
- Knowledge in IT Infrastructure and Data Management technologies.
- Knowledge in vulnerability and patch management programs.
- Experience in developing and implementing end-point protection programs.
- Experience in application security, user access permissions and controls
- Knowledge in cloud security architectures as it relates to data protection.
- Experience working within a global, IT organization.
- Ability to analyze complex information and identify key and relevant points, including communicating in a relevant and easy to understand manner.
- Practical experience in implementing security policies, procedures and technologies.
- Strong verbal and written communication skills.
- Excellent interpersonal skills.
- Strong attention to detail, well-organized, and able to manage time efficiently.
- Team player with ability to deal effectively with individuals at all levels.
- High degree of initiative requiring little or no supervision, sound judgment, and the ability to prioritize assignments, solve problems, and meet deadlines.
- Ability to produce high-quality work in a timely fashion in a fast-paced environment.