MATRIX Resources is now “Motion Recruitment” and proud to combine job boards to bring the talent community even more expansive market opportunities.

Information Security Risk Specialist- 1 day on site Herndon, VA

Arlington, Virginia

Hybrid

Full Time

$120k - $150k

Information Security Risk Specialist

This company is seeking a Security and Compliance Specialist to join their expanding software team at their software development center. In this position, you'll concentrate on guaranteeing their adherence to industry-standard security frameworks (such as IEC 62443, SOC 2, NERC CIP/NIST-800, ISO 27001) while also providing guidance to their development team on security matters.

The company is located in Herndon, VA and the candidate will need to come on site 1 day a week.

What You Will Be Doing:
• Lead the cybersecurity compliance and documentation initiatives pertaining to their Operational Technology (OT) products for power plants.
• Serve as the subject matter expert (SME) for all aspects of security compliance, including adherence to IEC 62443 & SOC 2 standards.
• Provide recommendations on tools, whether self-hosted or SaaS-based, to facilitate compliance management and assist in monitoring their findings, enhancing cybersecurity posture.
• Collaborate closely with technical teams across the Energy Storage & Optimization organization to support compliance-related projects.
• Conduct internal audits, evaluate compliance discrepancies, and devise remediation strategies to rectify shortcomings.
• Collaborate with global sales teams to analyze and address regional cybersecurity standards, documenting how their products align with them.
• Formulate security policies, standards, and guidelines for software development and operations teams to adhere to regarding security compliance.
• Stay abreast of evolving cyber security requirements and assist in ensuring the adherence to them.
• Assist in refining the Software Development Lifecycle to ensure ongoing security compliance.
Required Skills & Experience:
• Proven track record in implementing, auditing, or maintaining compliance with industry-standard frameworks. A minimum of five years of practical experience in cybersecurity, information security, or compliance roles is highly preferred.
• Comprehensive understanding and experience with computer software and hardware, spanning both on-premises and cloud environments.
• Demonstrated expertise in risk assessment, management, and mitigation strategies, with a focus on identifying and addressing potential security threats and vulnerabilities.
• Meticulous attention to detail in documenting and tracking the company's adherence to customer cybersecurity requirements, particularly in OT environments.
• Proficiency across various technical domains, including network security, application security, encryption technologies, identity and access management, and security incident response.
• Ability to thrive in a fast-paced, dynamic, and highly technical environment.
• Eagerness to stay abreast of the latest trends, technologies, and best practices as the field of cybersecurity continues to evolve.

Desired Skills & Experience:
• A bachelor's degree in computer science, information technology, cyber security, a related field, or equivalent combination of education & experience.
• Advanced degrees or certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are beneficial.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.

Posted by: Ashton Corbett

Specialization: Cloud Security