Position:	Full-Time
Location:	Remote
Start Date:	June 1, 2023
Nationality:	Any

Windows Management Experts (WME) is looking for a Senior Security Control Assessor role. As a Senior Security Control Assessor, you will play a critical role in ensuring the security and compliance of our organization. You will be responsible for conducting security assessments, identifying, and analyzing risks, and providing guidance to stakeholders on remediation strategies. As a key member of our security team, you will lead security assessments of critical systems and applications and ensure that they meet the requirements of our security policies and standards.

You will also develop and implement security procedures and controls and provide guidance on best practices to other members of the team. That said, you will be responsible for staying up to date with the latest security trends and technologies and applying that knowledge to improve our security posture.

You will have the opportunity to make a significant impact on our organization’s security posture. You will be joining a dynamic and collaborative team and will have the support of senior leaders to help drive change and innovation. The ideal candidate for this role will have extensive experience in security assessment, risk analysis, and compliance. You will be able to demonstrate a deep understanding of security frameworks such as NIST and be able to apply them to real-world scenarios. You will also have experience with security tools and technologies and be comfortable working with technical teams to implement and maintain security controls.

All in all, WME is looking for some exceptional communication and interpersonal skills in our new team member. The candidate’s toolbox must be diverse & complete. From being technically savvy to displaying a vigorous passion for learning beyond their traditional areas of expertise, the resource must prove to be an asset to the company.

Required SkillsQualifications/Education:

• Degree in Computer Science, Information Systems, or related discipline from an accredited college or University required.
• 5+ years of experience conducting security control assessments of all NIST 800-53 controls.
• Certification(s) in information technology (i.e., CISSP, CISM).
• Thorough knowledge of NIST 800-53 security controls and required documentation.
• Conducted security control assessments based on a Risk Management Framework approach.
• Experience conducting risk assessments and developing security assessment reports.
• Experience with security tools such as vulnerability scanners, intrusion detection/prevention systems, and security information and event management (SIEM) platforms.
• Strong understanding of cloud security concepts and experience with cloud service providers such as AWS, Azure, and Google Cloud.
• Experience with conducting security assessments of web applications and mobile applications.
• Knowledge of security requirements for compliance standards such as HIPAA, PCI-DSS, and GDPR.
• Ability to develop and deliver security awareness and training materials to technical and non-technical audiences.
• Experience with conducting security audits and working with auditors to ensure compliance with regulations and standards.
• Excellent communication skills and the ability to work collaboratively with cross-functional teams and stakeholders to achieve common security goals.

Responsibilities of the Senior Security Control Assessor:

• Conduct security control assessments and risk analysis of systems, applications, and infrastructure to identify vulnerabilities and potential threats.
• Develop and maintain security policies, standards, and procedures to ensure compliance with industry regulations and organizational requirements.
• Work with technical teams to implement and maintain security controls and systems and ensure that they meet security requirements.
• Provide guidance and recommendations to stakeholders on security best practices, risk mitigation strategies, and remediation plans.
• Develop and deliver security training and awareness programs to technical and non-technical staff to ensure that security is integrated into all aspects of the organization.
• Participate in incident response activities, investigate security incidents, and provide recommendations for remediation and prevention.
• Engage with third-party vendors and partners to ensure that their security controls meet organizational requirements and comply with industry regulations.
• Stay up to date with the latest security trends and technologies and apply that knowledge to improve the security posture of the organization.
• Conduct security audits and assessments to ensure compliance with regulatory requirements and industry standards.
• Lead security assessments for new projects, systems, and applications to identify and address potential security risks.
• Provide guidance and mentorship to junior members of the security team and help to build a culture of security within the organization.
• Develop and maintain relationships with key stakeholders, including technical teams, business leaders, and auditors, to ensure that security is integrated into all aspects of the organization.

Core Values:

• Integrity (Doing What’s Right)
• Inclusion (Encouraging Diversity)
• Teamwork (Working Together)
• Excellence (Being Your Best)
• Accountability (Taking Personal Responsibility)

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.