Engineer, Security Risk
Company DescriptionAt Brightspeed, we are reimagining how people live, work, play and connect by providing fast, reliable internet connections and an awesome customer experience in twenty states throughout the Midwest and South.
Backed by funds managed by Apollo Global Management,our vision is to accelerate the upgrade of copper to fiber optic technologies, bringing faster and more reliable internet service to many rural markets traditionally underserved by broadband providers, while delivering best-in-class customer experience.
Be a part of the team that will make this vision a reality.
designing and building a world class fiber network and creating a customer experience second to none.
Check us out on the web! Job DescriptionWe are seeking an Engineer, Security Risk to join our growing team! In this role, you will report directly to the Director of Security Risk Management and Governance to lead efforts in identifying, assessing, and mitigating security risks across the enterprise.
You will be responsible for developing and implementing security policies, procedures, and guidelines that align with industry standards and regulatory requirements.
Additionally, this role will manage security compliance and governance activities across the organization.
The Risk Management and Governance teams primary functions include:
Risk Management FrameworkRisk Identification & MitigationRisk Exception Process (Acceptance)Data Security ManagementData Loss PreventionSecurity Training & AwarenessLegal Hold StrategyCloud Posture Management & Workload ProtectionGoverning Documents (Policy, Standards, Process, Guidelines)Vulnerability ManagementThird Party Security Risk Life CycleThird Party Risk Mgmt.
FrameworkThird Party Security AssessmentsThird Party High-Risk DashboardContractual Security AddendumContract NegotiationsBusiness Interface, Risk Discussions, Business Risk AcceptanceThird Party Process OptimizationThird Party Software ReviewThe role requires a strong background and understanding of all cybersecurity domains.
You will use a business risk-based approach to the decision-making process.
Brightspeed is a cloud-first (Azure, GCP, and SaaS) company with a significant data center presence.
This model will require you to consider security across a diverse portfolio of assets and networks.
In this role, you will have an understanding of the complexities of the telecommunications and ISP (internet service provider) networks.
You will be able to adapt quickly and manage constant change effectively.
You will also need to be able to manage conflict during complex and contentious risk management discussions, ensuring that they care for the risk to Brightspeed's business.
Ultimately, this position is about managing security risk vs.
business risk.
As the Engineer, Security Risk, your duties and responsibilities will include:
Risk Assessment:
Conduct comprehensive risk assessments to identify potential vulnerabilities and threats in the organization's information systems, networks, and applications.
Analyze security controls and processes to evaluate their effectiveness in mitigating risks.
Vulnerability Management:
Identify and track security vulnerabilities using scanning tools, penetration testing, and other methodologies.
Collaborate with system administrators and developers to prioritize and remediate addition, this role will be responsible for coordinating zero-day vulnerability remediation with the security operations team.
Threat Modeling:
Develop threat models to understand potential attack vectors and assess the impact of security incidents.
Analyze the organization's infrastructure and applications to identify areas of concern and propose appropriate countermeasures.
Security Architecture Review:
Evaluate the design and implementation of new systems, applications, and infrastructure components to ensure compliance with security standards and best practices.
Recommend security controls and enhancements to mitigate risks.
Security Policies and Procedures:
Develop and maintain security policies, standards, and guidelines to align with industry best practices and regulatory requirements.
Provide guidance and training to employees on security-related mattersRisk Reporting:
Prepare and present risk assessment reports, security metrics, and executive summaries to stakeholders, including management, technical teams, and business units.
Communicate complex security risks in a clear and concise manner.
Evaluate IT/Network software and hardware for security risks and compliance while providing recommended mitigations, approvals, and risk acceptanceCollaborate with internal stakeholders, including executive leadership, legal, compliance, IT, and Network teams, to ensure security risk management and governance strategies are integrated into business operations.
Conduct security audits and assessments, and monitor compliance with security policies, procedures, and standards.
Project manage various security projects across all verticals.
Manage risk acceptance intake, processing, and periodic reviews.
Develop and foster strong peer-to-peer relationships across all interfacing security teamsPartner with teams across Brightspeed to identify and deliver shared outcomes that measurably improve the security posture across the organizationStay current with emerging security threats, vulnerabilities, and best practices, and recommend appropriate actions to mitigate riskQualificationsWHAT IT TAKES TO CATCH OUR EYE:
Bachelor's Degree in Cyber Security, Computer Science, or directly related field5
years of experience in cyber security5
years of experience managing and mitigating business risk5
years in a variety of telecommunications and IT rolesStrong knowledge of security risk management principles and practices, including risk assessment, mitigation, and managementBroad knowledge and experience in all eight cyber security domainsExperience developing and implementing security policies, procedures, and standardsProficiency in conducting risk assessments, vulnerability assessments, and threat modelingKnowledge of relevant regulations and standards, such as NIST, SOX, and PCIWorking knowledge of standard computer software, including MS Excel, Office, and WordAbility to work in a fast-paced environment with competing time-sensitive prioritiesStrong attention to detail to ensure that policies and standard procedures are followedExcellent communication and collaboration skills, including the ability to effectively communicate security risk management and governance strategies to both technical and non-technical stakeholdersExperience with security technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systemsExperience leading security risk assessments and developing risk management frameworksStrong analytical skills and the ability to identify and prioritize security risksKnowledge of secure coding practices and software development lifecycle (SDLC) securityExcellent problem-solving and analytical skills with the ability to prioritize and manage multiple tasksStrong communication and presentation skills to effectively convey complex security concepts to technical and non-technical stakeholdersBONUS POINTS FOR:
Certified Information Security Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) #LI-SS1Additional InformationAll your information will be kept confidential according to EEO guidelines.
WHY JOIN US?We aspire to contemporary ways of working.
We are committed to being a leader in defininga new way to workbecause we recognize the changing mindset of today's workforce.
We have a brand new, state-of-the-art corporate HQ in Charlotte, NC and our current priority is to make it a truly vibrant destination by hiring talent in the greater Charlotte area.
Why? Becauseour purpose is to reimagine how people work, learn, play and connect!We offer competitive compensation and comprehensive benefits.
Our benefits and paid time off programs reflect our underlying belief in promoting overall wellness throughphysical, emotional and financial health.
We are committed to building a team as diverse as the customers we serve.
Diversity, equity and inclusionare at the center of our grounding belief inBeing Real.
When we bring our authentic selves to work, everyone is better as a result.
A diverse team helps us befierce advocatesfor moreaccessible,inclusiveand high-quality internet, because webelieve doing so promotesequityin the communities we serve.
Brightspeed is an Equal Opportunity EmployerFor all applicants, please take a moment to review our Privacy Notices:
Brightspeed's Privacy Notice for California ResidentsBrightspeed's Privacy NoticeVideos To Watch Recommended Skills Adaptability Analytical Architecture Assessments Attention To Detail Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
Backed by funds managed by Apollo Global Management,our vision is to accelerate the upgrade of copper to fiber optic technologies, bringing faster and more reliable internet service to many rural markets traditionally underserved by broadband providers, while delivering best-in-class customer experience.
Be a part of the team that will make this vision a reality.
designing and building a world class fiber network and creating a customer experience second to none.
Check us out on the web! Job DescriptionWe are seeking an Engineer, Security Risk to join our growing team! In this role, you will report directly to the Director of Security Risk Management and Governance to lead efforts in identifying, assessing, and mitigating security risks across the enterprise.
You will be responsible for developing and implementing security policies, procedures, and guidelines that align with industry standards and regulatory requirements.
Additionally, this role will manage security compliance and governance activities across the organization.
The Risk Management and Governance teams primary functions include:
Risk Management FrameworkRisk Identification & MitigationRisk Exception Process (Acceptance)Data Security ManagementData Loss PreventionSecurity Training & AwarenessLegal Hold StrategyCloud Posture Management & Workload ProtectionGoverning Documents (Policy, Standards, Process, Guidelines)Vulnerability ManagementThird Party Security Risk Life CycleThird Party Risk Mgmt.
FrameworkThird Party Security AssessmentsThird Party High-Risk DashboardContractual Security AddendumContract NegotiationsBusiness Interface, Risk Discussions, Business Risk AcceptanceThird Party Process OptimizationThird Party Software ReviewThe role requires a strong background and understanding of all cybersecurity domains.
You will use a business risk-based approach to the decision-making process.
Brightspeed is a cloud-first (Azure, GCP, and SaaS) company with a significant data center presence.
This model will require you to consider security across a diverse portfolio of assets and networks.
In this role, you will have an understanding of the complexities of the telecommunications and ISP (internet service provider) networks.
You will be able to adapt quickly and manage constant change effectively.
You will also need to be able to manage conflict during complex and contentious risk management discussions, ensuring that they care for the risk to Brightspeed's business.
Ultimately, this position is about managing security risk vs.
business risk.
As the Engineer, Security Risk, your duties and responsibilities will include:
Risk Assessment:
Conduct comprehensive risk assessments to identify potential vulnerabilities and threats in the organization's information systems, networks, and applications.
Analyze security controls and processes to evaluate their effectiveness in mitigating risks.
Vulnerability Management:
Identify and track security vulnerabilities using scanning tools, penetration testing, and other methodologies.
Collaborate with system administrators and developers to prioritize and remediate addition, this role will be responsible for coordinating zero-day vulnerability remediation with the security operations team.
Threat Modeling:
Develop threat models to understand potential attack vectors and assess the impact of security incidents.
Analyze the organization's infrastructure and applications to identify areas of concern and propose appropriate countermeasures.
Security Architecture Review:
Evaluate the design and implementation of new systems, applications, and infrastructure components to ensure compliance with security standards and best practices.
Recommend security controls and enhancements to mitigate risks.
Security Policies and Procedures:
Develop and maintain security policies, standards, and guidelines to align with industry best practices and regulatory requirements.
Provide guidance and training to employees on security-related mattersRisk Reporting:
Prepare and present risk assessment reports, security metrics, and executive summaries to stakeholders, including management, technical teams, and business units.
Communicate complex security risks in a clear and concise manner.
Evaluate IT/Network software and hardware for security risks and compliance while providing recommended mitigations, approvals, and risk acceptanceCollaborate with internal stakeholders, including executive leadership, legal, compliance, IT, and Network teams, to ensure security risk management and governance strategies are integrated into business operations.
Conduct security audits and assessments, and monitor compliance with security policies, procedures, and standards.
Project manage various security projects across all verticals.
Manage risk acceptance intake, processing, and periodic reviews.
Develop and foster strong peer-to-peer relationships across all interfacing security teamsPartner with teams across Brightspeed to identify and deliver shared outcomes that measurably improve the security posture across the organizationStay current with emerging security threats, vulnerabilities, and best practices, and recommend appropriate actions to mitigate riskQualificationsWHAT IT TAKES TO CATCH OUR EYE:
Bachelor's Degree in Cyber Security, Computer Science, or directly related field5
years of experience in cyber security5
years of experience managing and mitigating business risk5
years in a variety of telecommunications and IT rolesStrong knowledge of security risk management principles and practices, including risk assessment, mitigation, and managementBroad knowledge and experience in all eight cyber security domainsExperience developing and implementing security policies, procedures, and standardsProficiency in conducting risk assessments, vulnerability assessments, and threat modelingKnowledge of relevant regulations and standards, such as NIST, SOX, and PCIWorking knowledge of standard computer software, including MS Excel, Office, and WordAbility to work in a fast-paced environment with competing time-sensitive prioritiesStrong attention to detail to ensure that policies and standard procedures are followedExcellent communication and collaboration skills, including the ability to effectively communicate security risk management and governance strategies to both technical and non-technical stakeholdersExperience with security technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systemsExperience leading security risk assessments and developing risk management frameworksStrong analytical skills and the ability to identify and prioritize security risksKnowledge of secure coding practices and software development lifecycle (SDLC) securityExcellent problem-solving and analytical skills with the ability to prioritize and manage multiple tasksStrong communication and presentation skills to effectively convey complex security concepts to technical and non-technical stakeholdersBONUS POINTS FOR:
Certified Information Security Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) #LI-SS1Additional InformationAll your information will be kept confidential according to EEO guidelines.
WHY JOIN US?We aspire to contemporary ways of working.
We are committed to being a leader in defininga new way to workbecause we recognize the changing mindset of today's workforce.
We have a brand new, state-of-the-art corporate HQ in Charlotte, NC and our current priority is to make it a truly vibrant destination by hiring talent in the greater Charlotte area.
Why? Becauseour purpose is to reimagine how people work, learn, play and connect!We offer competitive compensation and comprehensive benefits.
Our benefits and paid time off programs reflect our underlying belief in promoting overall wellness throughphysical, emotional and financial health.
We are committed to building a team as diverse as the customers we serve.
Diversity, equity and inclusionare at the center of our grounding belief inBeing Real.
When we bring our authentic selves to work, everyone is better as a result.
A diverse team helps us befierce advocatesfor moreaccessible,inclusiveand high-quality internet, because webelieve doing so promotesequityin the communities we serve.
Brightspeed is an Equal Opportunity EmployerFor all applicants, please take a moment to review our Privacy Notices:
Brightspeed's Privacy Notice for California ResidentsBrightspeed's Privacy NoticeVideos To Watch Recommended Skills Adaptability Analytical Architecture Assessments Attention To Detail Certified Information Security Manager Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
