Job title: Info Security Gov & Risk Specialist
Locations: Charlotte NC, Denver CO, Iselin NJ, Frisco TX, or Bloomfield IL
Salary: On Discussion (W2 Only-No C2C/1099) + Benefits
VISA: USC/GC/H4 EAD/L2 EAD (OR ANY PERMANENT VISA)

SKILLS:
Cybersecurity
Information Security Governance
Understand and disect Policy
Security Management
VMware
CIS Benchmarks, DISA STIGs, SRGs
National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)

Description:

Team:
Team sits in Cyber Sec
Front door for everything standpoint
People who work withd detect
Work with services to ensure configuration are in TIAA standards and controls
Consists with 10 resource types:
Asset types they monitor: Cloud resources( (AWS, GCP, Container, SAS), on prem (network configurations, databases, storage, middleware)

Role Description:
Partner with resources to benchmark (industry minimum requirements - Servers in prod environment, make sure they are configured within TIAA standards).
Windows - pull benchamarks with this server, mirror with control and standards at TIAA, configure like suck
Collaboration, vetting and help provide from team, to make sure everything to be considered secure
Baseline review = Call this vetting process (min requirements, mapping against, consolidation into one file or record)
Baseline created is used as code of requirements to get server tool to be secure in production environment

Day to Day:
Understand and read through benchmark material
Mapping Requirements
Configuration compliance team to make sure they are a baseline and oversite of scanning tools and remediate when needed
Tool white papers - might not be guidance on all, use Skids, use CBE
Break (Findings) - collaborate with other individuals to make sure remediation is being completed
Lots of work on Cyber Improvement
Track work and building on program from past two years to get it to maturity
Touch points with CCO and flexible to participate with C-suite individuals

Experience Needed:
Agile environment - JIRA, serviceNow
3+ years of Cybersecurity
Remediation exp
Governance - Info Security exp
Tenable, Wiz - some technical exp with Industry knowledge with looking at benchmark configurations

Info Security Gov & Risk Specialist
Defines, enhances, and implements information security configuration controls, while ensuring consistent and effective information security administration procedures and processes.

Key Responsibilities and Duties

• Review industry configuration safeguards and monitor compliance for infrastructure assets: databases, workstations, network, middleware, servers, cloud services, and mobile
• Partners with multiple business stakeholders to drive work and monitor through completion
• Analyze internal information security controls and convert control criteria and their severity into functional compliance scanning results
• Create and support program governance documentation such as standard operating procedures, control assessments and training materials
• Monitor industry security updates, technologies and best practices to improve security management
• Generate metrics and reports in assigned functional business area to inform decisions on tactical issues that impact the business
• Perform QA/QC activities to drive configuration management program maturity
• Support remediation efforts through gap identification and action plan creation to operationalize scan results
• Participates in various tool testing and validation efforts for on-prem and cloud scanning
  
  Required Qualifications
• Bachelor's degree in IT or Cybersecurity
• Experience with developing, customizing, reviewing and updating a wide range of enterprise security configuration baselines, with input from subject matter experts
• Experience interpreting and applying CIS Benchmarks, DISA STIGs, SRGs, and has an awareness of the National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)
• 1 year of direct experience working with teams in an agile and horizontal environment
• Experience with remediation activities within Cybersecurity
• Ability to translate the low-level security baseline requirements into security baselines
• Ability to work independently to anticipate needs, support a changing landscape and willingness to act with minimal supervision
  

Preferred Qualifications:

• Knowledge and understanding of technology operations/processes, as well as experience with evaluating technology-related risks and controls
• Experience in working with the NIST 800 Special Publication series and providing guidance for risk management and security control implementation, including 800-53 and others.
• Experience with one or more of the following technologies: Networking (including CISCO or Palo Alto); Operating Systems (including Windows Server, RedHat, or Linux); Cloud Services (including GCP, AWS, and Azure)
• Ability to apply a technical skill set to research and document industry knowledge and best practices with established or newly released applicable security controls
• Written and verbal communication skills: articulate and effective communicator and presenter, able to describe complex problems in both technical and business terms
• Demonstrated experience learning new technologies
• Experience with an Agile methodology
• Knowledge of ServiceNow and Archer

If this is a role that interests you and you'd like to learn more, click apply now and a recruiter will be in touch with you to discuss this great opportunity. We look forward to speaking with you!

About ManpowerGroup, Parent Company of:Manpower, Experis, Talent Solutions, and Jefferson Wells

ManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands - Manpower, Experis, Talent Solutions, and Jefferson Wells - creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.