The Lead Information Security Engineer is a member of the Information Security Governance and Risk team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate policy, standards, procedures and industry best practices. The engineer will work with project managers and developers to assess the security risks associated with new applications and products; provide security requirements; coordinate vulnerability assessments; and present an overall risk assessment for the project. The engineer supports the International Business Risk Program by establishing/improving processes to conduct risk assessments on proposed international activities; eliciting business requirements from multiple business stakeholders; converting business requirements to technical requirements and coordinating with project teams; and facilitating meetings with the International Business Risk Review Council (IBRRC), if necessary.
Assess potential risks with new products and services and provide security requirements and recommendations for risk mitigation.
Architect new information security systems and controls to mitigate emerging threats and risks across the company.
Consult as security subject matter expert with network architects, engineers, and others on security solutions.
Ensure reports and findings are delivered in a timely and appropriate manner to management, operations and executive leadership.
Recommend new security policy, standards, best practices, and system configuration standards. Consult with internal clients on security topics and policy interpretation.
Analyze requests for exceptions to the Information Security Policy, identify risk mitigation steps that should be taken, and make recommendations to the business for accepting the risks associated with exceptions.
Test potential security solutions to validate features and functions, partnering with other organizations in the resolution of interoperability issues to obtain successful integration of security solutions across all platforms.
Understand new laws and regulations and provide consultation, recommendations, and implementation advice to the organization. Make necessary adjustments to the Information Security Policy. Proactively identify higher risk areas of the corporate and carrier infrastructure for assessment.
Work with Product Development on new security-related product offerings and services for customers.
Assess operational business processes to identify opportunities to integrate security risk assessments for greatest impact.
Coordinate activities across multiple departments and business units.
Bachelor’s degree in Computer Science, Engineering, or related field, plus 8+ years of relevant experience.
Experience in performing security risk assessments and application, system and network security.
Experience with technologies, tools and process controls to minimize risk and data exposure.
Experience in network and/or firewall engineering, administration, design and implementation including experience in applying methodologies and principles for all levels of security.
Must possess, or be willing to pursue, current applicable professional/technical certifications, such as CISSP, GPEN, GWAPT, GISEC, CISM or CISA.
Strong oral and written communication skills and comfort with presenting technical issues to all levels of management, as well as non-technical staff.
Must possess broad technical knowledge of current and emerging technologies used both within the corporate infrastructure and in delivering customer facing services.
Knowledge of information security industry and regulatory obligations (ISO 27001/27002, SOX, PCI, NIST Framework, FISMA, FedRAMP, HIPAA, NACHA, SSAE-16 and GDPR).
Application development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, PERL, Python, or Java.
Knowledge of project management practices.
Experience in large Enterprise data centers and/or networks.
Alternate Location: US-Colorado-Denver
Requisition #: 217693
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.