ELEVATE is seeking an experienced IT Information Security Lead. This is a vital role in leading ELEVATE’s posture around IT Security and infrastructure management. It covers such aspects as Information Risk Management (IRM) and cybersecurity incident and impact assessment, and it requires understanding these risks in the context of the IT control environments across all related applications and platforms. This role will evaluate and establish scalable infrastructure and appropriate security controls for ELEVATE’s enterprise applications, which will transform the way brands and retailers assess their supply chains and drive improvements.
- Develop technical requirements, policies, procedures and controls for network, system and data security
- Provide technical guidance to application teams and implement the necessary security configurations related to the infrastructure and applications
- Define an appropriate framework for cybersecurity monitoring and implement cybersecurity control mechanisms which are consistent with ELEVATE’s strategy
- Manage Information Security projects end to end, from initiation to deployment and rollout as well as post-implementation, including establishment of policies, the deployment of Security Controls & Framework, DevSecOps best practices, etc.
- Ensure appropriate network, infrastructure and application security hardening and resiliency – especially in the context of cloud hosted applications or platforms (e.g. AWS, Office 365, etc.)
- Manage information system security operations, including executing and reporting on security operations performance
- Implement general IT risk and control mechanisms such as access controls and IT operations controls
- Detect, identify and monitor security vulnerabilities and make recommendations on remediation actions
- Act as a focal point for internal/external audit around technology risk and information security matters
- Lead IT projects that cover IT Infrastructure and IT Security and establish specifications, functional requirements, test plan, and use cases, etc. for the same
- Manage and oversee the Office 365 platform from a security policy and security controls perspective.
- Lead and/or support company-wide initiatives around security assessments, penetration testing, mock-phishing, end user information security education, etc. to ensure we have a strong security posture
- Implement best practices around security and help with security “hygiene” aspects including monitoring, log reviews, SDLC/code compliance against OWASP Top 10, etc.
- Lead incident investigations, reporting and remediation actions – and participate in on-call rotations as required.
- Other duties as assigned.
Requirements and Qualifications
- At least 5 years of working experience in IT Information Security, such as application security and security architecture
- Knowledge of enterprise infrastructure, AD, Group Policy, Office 365, Identity and Access Management, Windows, Linux, VMware, cloud services such as AWS and GCP.
- Strong understanding of Application Design including web, mobile and backend platforms, Cloud Security, TCP/IP, system and network fundamentals.
- Experience with Atlassian suite of tools: JIRA, Confluence, BitBucket
- Understanding of system monitoring and application logging solutions (SumoLogic, New Relic, Nagios, Graphite, Grafana, Logstash, InfluxDB, Solarwinds)
- Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as CISSP, CISM or CEH, is desired
- Professional certification in Penetration Testing such as OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials will be an added advantage.
- Holding professional qualification(s) in any of Project Management, Security, Cloud, Linux, or MS certifications is advantageous
- Good problem-solving skills for handling complex issues
- Strong written and oral communication skills including the ability to communicate complex issues to technical and non-technical staff and management.
- Good leadership and communication skills; a team player with multi-tasking capabilities who is able to meet tight deadlines
- Highly motivated team player with excellent analytical, written and verbal communication and presentation skills is required.