Primary Objective of Position
Serves as the company’s primary security officer. Leads the cross-functional company security program responsible for ensuring that the company’s information resources are secure from unauthorized access, protected from inappropriate alteration, physically secure, and available to users in a timely fashion. This position serves as an internal information security consultant and assists in designing, implementing, supporting, and maintaining policies and security solutions in both corporate and cloud-hosted environments.
Major Areas of Accountability
- Responsible for company information security, including security planning, monitoring and enforcement. Leads Controltec’s security council.
- Participates in IT, information security risk and compliance assessments, audits, gap analyses, and remediation.
- Actively works with the Development and IT departments to define security criteria and execute the advancement of Controltec’s information security program internally and for the clients it supports.
- Conducts and evaluates vulnerability assessments of corporate and customer-hosted assets both internally and with the assistance of consultants.
- Provides support with third-party security risk assessments and audits.
- Communicates with program stakeholders to effectively convey requirements and risks of technical and process improvements.
- Develops customized policies, procedures, controls, and technical security documentation for applications, systems, and infrastructure.
- Manages a suite of monitoring tools.
- Leads incident response activities.
- Performs workforce awareness trainings both live and automated.
- Ensures security is part of the SDLC process; proactively reviews new components, APIs, and applications for security vulnerabilities before deployment to publicly accessible environments.
- Conducts a yearly security architecture review of Controltec’s applications.
- Assists in proposal writing by creating, augmenting, and supplementing existing documentation.
- Defines, documents, analyzes, traces, prioritizes, and confirms requirements throughout the duration of customer contracts.
- Conducts vendor assessments both during onboarding and on a yearly basis in conjunction with the Vice President of Operations.
- Performs additional duties and projects as assigned by management.
- Organized, detail-oriented team player with the ability to prioritize daily work and support multiple initiatives simultaneously.
- Strong communication and customer focus are required.
- Knowledge of ISO 27001, HIPAA, SOC2, NIST 800-53, FedRAMP Moderate, PCI, IRS Publication 1075.
- Advanced knowledge of security architecture, infrastructure, network and systems design.
- Knowledge of common IT and security concepts including firewall management, server management, access control, web application security, cloud security and authentication.
- Experience working with and securing multiple operating systems (Windows, Linux, macOS, Android, iOS).
- Experience in policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
- Connects easily with clients and colleagues to communicate effectively across business and technical boundaries.
- Works independently without detailed guidance.
- Proficient in writing executive-level reports and technical documentation.
- Experience performing static code analysis.
- Travel as required.
- All employees must be vaccinated for COVID-19.
Education and Experience
- BS/BA degree in Computer Science or related discipline or equivalent experience in information security governance and/or related functions (such as IT audit and IT Risk Management).
- Minimum six years of experience in the Information Security field.
- CISM, CRISC, CISSP, or similar security certification desired.
- US Citizen with Passport.
- Valid driver’s license.
- No criminal record and no bankruptcies or other negative reports on credit report.
- Ability to pass a background check.
Controltec (www.controltec.com) provides subsidy management solutions for childcare providers and agencies throughout the United States. Built and supported by industry experts, all of Controltec’s innovative software solutions share a single goal: allowing users to work smarter and more cost-effectively. Implementation of the Company’s systems enables social service agencies and childcare providers to manage cases more efficiently, reduce clerical errors, remove worker frustration, and reduce fraud.
If you are interested in joining the Controltec family, please send your resume to Lynn Sanger, email@example.com.