Job Description:

SUMMARY

Reporting to the VP, IT Risk Management, you will be responsible for the FGF Brands Group in assessing, designing, and guiding the implementation of network, software and computer security structures and identify opportunities for process and continuous improvement while optimizing the security apparatus.
The successful candidate will develop a complete understanding of the organization’s systems, networks, risk appetite, maintaining key relationships within the IT Organization, and develop robust security practices to ensure the journey of the organization towards frameworks such as CIS and NIST frameworks.

EXPERIENCE:

• 8-10+ years in IT, with at least 3-5 years focused on cybersecurity.
• Hands-on experience designing secure systems, networks, or applications
• Exposure to Zero Trust Architecture, cloud security, DevSecOps, and IT risk management

EDUCATION AND PROFESSIONAL CERTIFICATIONS:

• Bachelor’s degree in computer science, Information Security, Engineering, or a related field.
• Master’s degree (optional but advantageous) in Cybersecurity, Information Systems, or Technology Management.
• SABSA or TOGAF; CISSP, CISM, and/or GIAC Enterprise Security Architect (GSEA) or Security Essentials (GIAC)
• Azure Security Engineer Associate

Technical Skills:

• Network security, encryption, identity & access management (IAM).
• Secure SDLC, threat modeling, security frameworks (NIST, ISO 27001, MITRE ATT&CK)
• Cloud security (AWS, Azure, GCP)
• Tools: SIEMs, firewalls, VPNs, EDR/XDR, container security, Identity and Accesss Management (IAM)
• Zero Trust architecture
• Risk Assessment & Threat Modeling
• Secure SDL

• Collaborate with VP, IT Risk Management to establish an effective cyber security risk management program.
• Plan, research, and develop robust security architectures for systems and networks and define security assurance requirements based on industry standards and cyber security policies and practices
• Define and review technology and information systems, and ensure security requirements are met often crossing multiple technology domains
• Recognize appropriate disaster recovery plans and business continuity functions, including any failover or backup requirements for system restoration
• Research current and emerging technologies to understand capabilities of required networks or systems
• Supervise vulnerability testing, conduct risk analyses and security assessments and provide remediation guidance.
• Ensure the acquired or developed systems and architectures are consistent with FGF Groups’ cyber security policies and practices
• Perform security reviews and identify gaps or determine the capability of security architectures, integrations and designs (e.g. firewall, virtual private networks, routers, servers, etc.), and develop a security risk management plan
• Conduct User or Departmental training camps/seminars/presentations to disseminate pertinent security information/training when a cyber security situation demands
• Document and address FGF’s information security, cyber security architecture, and systems security engineering requirements throughout a system life cycle
• Prepare technical reports that document the architecture development process
• Advise the leader on security requirements and risk management process activities
• Support incident management and post-analysis advising on recovery operations
• Develop, deliver, and oversee related cyber security training material and educational efforts related to role
• Ensure compliance with the changing laws and applicable regulations
• Other tasks as assigned within the scope of security and controls

Requirements of the Role:

• Technical expertise with ability to execute projects in a fast-paced environment.
• Ability to collaborate with various teams, especially IT Infrastructure team and liaise with various business departments.
• Outside the box thinking skills to ensure security in spite of various restrictions and limitations
• Articulate technical scenarios with senior leaders in a manner to gain trust and acceptance
• Attention to detail

Technical Skills:

• Network security, encryption, identity & access management (IAM).
• Secure SDLC, threat modeling, security frameworks (NIST, ISO 27001, MITRE ATT&CK)
• Cloud security (AWS, Azure, GCP)
• Tools: SIEMs, firewalls, VPNs, EDR/XDR, container security, Identity and Accesss Management (IAM)
• Zero Trust architecture
• Risk Assessment & Threat Modeling
• Secure SDLC