Job IdN1966268Job TitleIT Security Engineer, Sr. Staff (Risk Management)Post Date08/28/2018Company-DivisionQualcomm Incorporated-Information Technology
Job AreaEngineering - Security
LocationCalifornia - San Diego
Job OverviewThe Information Security & Risk Management organization is looking for a strong team player with significant industry experience in cyber security risk management and regulatory compliance. The role will evangelize security practices, lead risk management, compliance activities, and provide internal consulting to various corporate services. The candidate will be working in a global, cross-functional role that will ensure consistent application of Information Security best practices to the business. The candidate will also partner with various internal/external stakeholders and internal support organizations to ensure alignment and quality execution. The candidate should be comfortable working with a technical team, talking to clients, mentoring colleagues and documenting processes.The responsibilities of this role include: Working independently with little supervision.Taking responsibility for own work and making decisions with more significant impact, influencing overall program or project success, finances, and/or the ability to meet objectives; errors are not readily apparent due to the complexity of work process/product or time between decisions and results; errors typically result in significant expenditure of time, resources, and funds to correct. Using verbal and written communication skills to convey complex and/or detailed information to multiple individuals/audiences with differing knowledge levels. Role may require strong negotiation and influence, communication to large groups or high-level constituents.Having a moderate amount of influence over key organizational decisions (e.g., is consulted by senior leadership to provide input on key decisions).Using deductive and inductive problem solving is required; multiple approaches may be taken/necessary to solve the problem; often information is missing or conflicting; advanced data analysis and interpretation skills are required.Exercising exceptional creativity is needed to innovate new ideas and develop innovative products/ processes without established objectives or known parameters.PRINCIPAL DUTIES AND RESPONSIBILITIES: Works with cross-functional teams to harden large and highly visible environments according to security policies.Identifies and examines unusual or difficult to identify vulnerabilities in large systems.Drives technical conversations to ensure the right path is followed to project completion.Serves as a technical lead on multiple large projects/systems, assigns work to a project team, and works on more advanced tasks to complete a project.Determines the best strategies to solve current and future challenges associated with area of expertise.Proactively identifies trends in the industry that may create vulnerabilities for Qualcomm.Works with IT stakeholders to identify opportunities to detect and respond to emerging threats.Collaborates with business partners to identify system solutions or other complex technical information.Communicates within and outside of project team to resolve conflicts in implementation schedules, design challenges, and other complexities.Re-scopes projects based on discussions with business partners, identifies resources, delegates work, and reviews the work of team members in order to address changing timelines or priorities.Networks with colleagues across and outside the organization to gain insights, ideas, and connections.All Qualcomm employees are expected to actively support diversity on their teams, and in the Company.Minimum Qualifications" id="hdnMinimumQualifications" />Bachelor's degree and 7+ years IT-relevant work experience OR 9+ years IT-relevant work experience without a bachelors degree.
Preferred Qualifications7+ years experience in IT, Cyber Security, or related area.4+ years experience with Programming Language such as C, C++, Java, etc. 4+ years experience with network monitoring software such as Nagios, Wireshark, Snort, etc. 6+ years experience in software and/or application testing (e.g., creating test cases and prototype environments, QA, software or application testing).3+ years leadership role in projects/programs.OCSP Certification.Will have a professional demeaner and have experience presenting to executive leadershipWill have a demonstrable track record for taking initiative and getting things done under ambiguous direction.Will have experience with industry standards and regulations, including GDPR, NIST CSF, ISO 27001, and NIST Risk Management Framework (800-39/37) Will be knowledgeable in a wide variety of industry governance, risk, and compliance tools and reporting systemsExceptional communications skills with fluency in English desiredWill have a track record of flexibility and versatility to adapt to the ever-changing threat environment and business drivers that influence the projects and priorities of ISRMCan manage complex programs or projects on a global scaleExperience in designing, implementing and maintaining a risk management and assessments programExperience with responding to security audits (internal and customer-based) Knowledge of Network Security, protocols and standardsExcellent cross functional relationship building skillsAt least six years of hands on information security experience in a mid- to large-sized enterprise environment with thorough understanding of compliance issues, ISO 27001/2, EU privacy and data protectionOther preferred skills include:-Ability to follow, enhance, and create processes that support compliance activities-Ability to document, enhance, and create compliance metrics and Key Performance Indicators-Contractual reviews (from a security and privacy perspective)-Experience with Works Councils a plusEducation Requirements
OCSP Certification preferred" id="hdnEducationalRequirements" />Bachelor's degree and 7+ years IT-relevant work experience OR 9+ years IT-relevant work experience without a bachelors degree.
OCSP Certification preferredKeywordscyber security, risk management, compliance
Qualcomm is a semiconductor company that designs, manufactures, and markets digital wireless telecommunications products and services.