Information Security Specialist

Job Description Role: Information Security - Lead/Sr. Lead/ Associate ManagerDepartment: Information SecurityExperience: 7-9 YearsRoles & Responsibilities:as the primary point of contact for client security-related issues, escalating and resolving technical client escalation issues.as the Client Assurance Subject Matter Expert (CA SME) in collaboration with the Service Management (SM) team.in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.with client management aspects, including questionnaires, timely response to client queries, and concerns.technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.technical support during the entire audit process, including following up on audit findings for remediation.collect, document, and store evidence needed for client audits.SMEs from different business units through quarterly meetings.client security control requirements to the SM team through regular training sessions.engage SMEs to update the evidence library with new information.FAQs for all business units annually and update with the latest information.and maintain customer-facing Security overview presentations.new vulnerabilities from external sources, internal penetration tests, or client notifications.the impact of vulnerabilities and generate initial communications for clients.real-time vulnerability calls for urgent issues and follow up on remediation progress.and respond to technical issues raised by the RFP team.SharePoint folders for easy access to information and evidence.Jira updates and maintain accuracy in the CA confluence space.and update the Client Assurance Standard Operating Procedure after consulting with the team.SME support for client audits in collaboration with the CA Service Management team.teams on security controls and processes monthly, storing sessions in an easily accessible location.the Service Management team on updates and new developments in the security space.training opportunities from SMEs for the team to learn different security controls.the annual review with Compliance of company-wide Security information presentations.client-facing teams in sales meetings and client communications requiring security specialist support.with urgency for fast turnaround in competitive situations.in SOC operations threat tracking.in incident management, change control meetings, and cloud migration initiatives.Requirements:to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.degree in computer science, Engineering, Information Systems, Business, or other Information security disciplines OR 7+ years of relevant professional experience in Information Security or IT Risk Management.relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.of legal and regulatory compliance standards and requirements against data and IT, including, CIS, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; Excellent interpersonal, verbal, and written communication, including good presentation skills.multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn't require continuous monitoring.to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.to understand technology, management, and leadership issues related to organization processes and problem-solving.of new and emerging information technology (IT) and cybersecurity technologies.of information security program management and project management principles and techniques.of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc. PRB