Sr Governance, Risk, and Compliance Engineer
Lowell, MA

Job Description

Job Opening ID:

00315174 Sr Governance, Risk, and Compliance Engineer (Open)

Job Title:

Sr Governance, Risk, and Compliance Engineer

Department:

IT, Telecom & Internet

Country:

United States of America

State/Province:

Arkansas

City:

Lowell

Full/Part Time:

Full time

Shift:

Job Description Summary:

Reporting to the E&T GRC (Governance, Risk, and Compliance) Manager, the Sr GRC Engineer significantly contributes to the security governance and control program focused on security policies and standards, IT Control governance, security awareness training, and IT security audits. IT Control governance involves the investigation of company risk, identification of mitigating factors, and development and evaluation of security controls. Responsible for the facilitation of product risk management processes and collaborating cross-functionally to help mature and execute the product risk management framework. Collaborates cross-functionally with IT and business teams to analyze and define security policies and information security standards.

Job Description:

Key Responsibilities:

* Conducts network and application security scans and tests by using a variety of technical security tools to reduce vulnerability of company information systems.
* Studies and interprets past security events and current security threats to improve security defenses by developing and implementing new tools and processes.
* Consults on information security best practices by researching and analyzing company technical initiatives to mitigate risk.
* Evaluates and implements new security technology and toolsets to ensure optimal security posture.
* Communicates developing security threats associated with specific business related data exchanges and connectivity to senior leadership.
* Influences direction for protecting the company's data assets by sharing security expertise with other technology departments.

Additional Responsibilities

* Participate in the review and update cycle for security policies, standards, and controls. Engage with subject matter experts to address new requirements and emerging business needs in a secure manner.
* Conduct periodic security audits against documented controls and remediate findings.
* Conduct periodic user access reviews (UAR) of systems to ensure appropriate access levels across all job roles.
* Coordinate security risk assessments for new products & solutions.
* Maintain a risk register and risk visual with clearly defined owners for each risk.
* Develop and deliver training and awareness content to educate the business about security risks, IT security controls and other GRC programs as needed.
* Contribute to a culture where security and risk management are considered foundational rather than afterthoughts.
* Collaborate with team members to analyze information and formulate recommendations and reports for management review and decision making.
* Consult with the Internal Audit, HR, and Legal teams to resolve potential legal compliance issues.
* Ensure excellent consistency, documentation, and process across all programs.
* Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
* Comprehensive understanding of Technical, Administrative and Physical controls to safeguard information security.

Education:

Bachelor's degree in Computer and Information Science, Engineering, or related field, or foreign equivalent, or suitable combination of education, experience and training; plus 4 years of experience in Security Operations or Information Technology.

Preferred Qualifications:

* Experience with work-related Governance, Risk, and Compliance (e.g. product security, IT security, secure software development, risk assessment and vulnerability management)
* Highly knowledgeable of regulations and security standards such as SOX, PCI, HIPAA, GDPR, CCPA, etc.
* Knowledgeable of popular application security standards including NIST 800, ISO 27001, OWASP TOP 10, SANS TOP 25, etc.
* Experience in one or more of the following areas: Security Risk Management, Security operations, Network Administration, Systems Administration, SDLC, Encryption, Asset Management, Identity and Access Management, IT operations.
* Experience conducting security risk assessments of revenue-generating products and solutions.
* Experience developing and editing security policies
* Experience developing third-party risks
* Certified Ethical Hacker (CEH) and/or GIAC Security Essentials (GSEC)
* Certified Information Systems Security Professional (CISSP)
* Microsoft Certified Systems Engineer (MCSE)

Preferred Qualifications:

Qualifications:

Education:

Bachelors: Chemical Engineering, Bachelors: Civil Engineering, Bachelors: Computer and Information Science, Bachelors: Computer Engineering, Bachelors: Electrical Engineering, Bachelors: Industrial Engineering, Bachelors: Mechanical Engineering

Language:

English (Required)

Work Experience:

Information Technology/Systems, Security Operations

Certifications:

Certified Ethical Hacker (CEH) - International Council of Electronic Commerce Consultants (EC-Council), Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC)², Certified Systems Engineer (MCSE) - Microsoft Corporation, Security Essentials Certificate (GSEC) - Global Information Assurance Certification (GIAC)

Competencies:

Digital Forensic Tools (Extensive Experience), Firewall Management (Extensive Experience), Information Security Management (Extensive Experience), Information Security Operation Center (ISOC) (Working Experience), Intrusion Detection and Prevention (Extensive Experience), Network and Internet Security (Extensive Experience), Vulnerabilities Assessment (Extensive Experience)

Responsibilities:

Communicates developing security threats associated with specific business related data exchanges and connectivity to senior leadership, Consults on information security best practices by researching and analyzing company technical initiatives to mitigate risk., Evaluates and implements new security technology and toolsets to ensure optimal security posture, Influences direction for protecting the company's data assets by sharing security expertise with other technology departments, Studies and interprets past security events and current security threats to improve security defenses by developing and implementing new tools and processes

Company Overview:

Fortune 500 experience. Career Development. Nation-wide opportunities. We are J.B. Hunt.

Our success comes from strategically placing you in the most suitable role. Whether you have a passion for operations, sales, engineering, or information technology, we can jump start your career!

J.B. Hunt Transport, Inc. is no stranger to the transportation logistics industry. From our humble beginnings in 1961, with only five tractors and seven refrigerated trailers, we have evolved into one of the largest transportation logistics companies in North America. We provide safe and reliable transportation services throughout the United States, Canada and Mexico. Our four business segments (Intermodal, Dedicated Contract Services, Truckload, and Integrated Capacity Solutions) allow us to provide customized freight solutions for customers big and small. It's no wonder we have been named one of America's Most Admired Companies by Fortune Magazine.

J.B. Hunt Transport, Inc. is committed to basing employment decisions on the principles of equal employment opportunity without regard to race, color, religion, sex, national origin, age, persons with disabilities, protected veterans or other bases by applicable law.

"This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions."