Information Security Programs Administrator - Associate

Job Title: Information Security Programs Administrator

Corp Level : Associate I

Location: COE

Key responsibilities:

• Track the performance of security measures to protect information and network infrastructure and computer systems 
• Responsible for the operations of the Third-Party Cyber Risk Management program.
• Conduct thorough risk assessments of third-party vendors and partners.
• Implement risk management strategies to mitigate potential threats.
• Monitor and review third-party compliance with security policies and standards.
• Collaborate with Revantage and Portfolio Companies IT and third parties on their remediation effort
• Collaborate with procurement and legal teams to ensure security requirements are included in contracts.
• Perform annual reviews of provider SOC reports and document the review for audit reviews
• Responsible for the operations of the Security Awareness Training program.
• Administer and maintain the KnowBe4 security awareness training platform.
• Develop and deliver engaging security awareness programs to educate employees on best practices.
• Track and report on training completion rates and effectiveness.
• Continuously update training materials to reflect the latest security threats and trends.
• Maintain policies and procedures for identity and access governance.
• Ensure proper access controls are in place and regularly reviewed.
• Maintain recertification processes and update/remove reviewers.
• Run IAM reports to clean up unused accounts.
• Run reports on stale groups and perform clean-up
• Represent security in annual external audits
• Maintain policies and procedures for SSPM and oversee related operations
• Conduct regular security posture assessments and implement necessary improvements.
• Sort and report on critical vulnerabilities, setting up reports and rules for notifications. Prioritize and assign vulnerabilities by categories to the infrastructure team.
• Identify and clean up dormant users.
• Run regular security posture reports
• Maintain policies and procedures for CSPM and oversee related operations
• Identify and mitigate risks in cloud environments through continuous monitoring and automated remediation.
• Prioritize and assign vulnerabilities by categories to the infrastructure team.
• Discover and integrate additional tools with CSPM tool for enhanced monitoring
• Maintain policies and procedures and administer the vulnerability management program. Assign vulnerabilities by categories to the infrastructure team to remediate
• Monitor DLP and Insider Threat Management systems and respond to alerts
• Monitor systems for irregular behavior and set up preventive measures. 
• Maintain secure, resilient enterprise-grade cloud processes in tandem with architects and system engineers.
• Develop, maintain, and utilize scripts for various administrative and application purposes. 
• Stay apprised of current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Apply learned knowledge across key business lines, including products, practices, and procedures.
• Respond to ServiceNow security tickets, troubleshoot, and resolve reported issues.
• Participate in the change control process.
• Participate in on-call duties during assigned periods.
• Perform other duties as assigned.

WHAT YOU BRING TO THE ROLE

Required: 

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• Minimum 2 years experience in security and systems administration with Azure cloud infrastructure, including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS).
• Solid understanding and experience with administering Windows operating systems and Microsoft Azure cloud ecosystem, including administrative use of PowerShell.
• Knowledge of Microsoft Word, Excel, PowerPoint, and Power BI for creating reports & metrics dashboards
• Excellent verbal and written communication skills

Preferred: 

• Preferred experience with Wiz, Adaptive Shield, Veza, Linux, Python, Microsoft  Defender, Microsoft Sentinel and other cloud ecosystems 
• Security certifications such as CCSP, CISSP, Azure Security Engineer or similar  certifications