REQUIREMENTS:

• A bachelor’s degree in information security, Computer Information Systems, or related field, and at least 4 years of experience in Information Security.
• Relevant Information Security certifications are preferred.
• If no degree, at least 5-7 years of experience in Information Security.
• Experience with GRC tools, process automation, security metrics, and policy management.
• Excellent verbal and written communication skills. Able to communicate persuasively and influence others.
• Strong attention to detail, analytical, and statistical skills.
• Ability to work independently and collaboratively in a fast-paced environment.
• Demonstrate professional skepticism to ensure sufficient evidence when assessing the relevant information security controls.
• Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact.

The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:

• Health and Wellbeing: Health, Dental, and Vision Care, Onsite Health Centers, Employee Assistance Program, Wellness program
• Financial Benefits: Competitive pay, Profit Sharing, 401k Plan with Company Matching, Life and Disability Insurance, Tuition Reimbursement
• Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Military Leave, Bereavement
• Additional Perks: Nursing Mothers Benefits, Voluntary Legal, Pet Insurance, Employee Discount Program

Preferred locations: MO, FL, NC, TX, AZ, IL, MA, VA, AL, LA, GA, MN, OH, MI, WI, IA, SC
Requirements:

WHAT WILL YOU BE DOING?

The Senior Security Engineer implements and enforces InfoSec policies, standards, and governance that align with industry best practices. This role also consistently conducts risk evaluations and implements mitigation approaches across WWT divisions, products, services, and customer-serving facilities, such as the WWT Integration Centers, Advanced Technology Center (ATC), and Managed Services. The aim is to fulfill organizational and customer needs regarding information protection and act as a senior technical expert liaising between InfoSec and various departments.

RESPONSIBILITIES:

• Research, design, and implement information security solutions for the organization’s systems and products in compliance with the organization’s applicable security policies and standards.
• Lead strategic security risk management projects, evaluate stakeholder requirements for services, identify security gaps, and collaborate with stakeholders to mitigate identified risks.
• Mentor and train security risk management engineers and analysts as directed.
• Provide senior-level security risk consulting to cross-teams and customers which includes secure configuration & hardening recommendations.
• Regularly perform risk assessments, both on-site and remotely, as defined by policies, standards, and industry best practices.
• Utilize risk management strategies across the organization; identify and evaluate internal and external risks, security controls that mitigate risks, and related opportunities for security control improvements.
• Establish and maintain security baselines for organizational assets, as defined by policies, standards, and industry best practices.
• Evaluate business processes and procedures for adherence to security policies and recommend remediation for gaps.
• Apply defense in-depth strategies to protect information assets and systems against attack vectors.
• Regularly evaluate information security baselines; recommend and implement relevant changes.
• Create, maintain, and review relevant risk management reports for compliance and auditing purposes; provide regular updates to management.
• Advise management on critical risks and threats that may affect the organization.
• Utilize technical and business knowledge to determine the business value and cost of a security control.
• Keep up-to-date on the latest security threats, laws, regulations, policies, and industry best practices.
• Consult with stakeholders regarding information system solutions that meet confidentiality, integrity, and availability requirements.
• In-depth knowledge of risk assessment methodologies.
• In-depth knowledge of information security best practices and frameworks, including (but not limited to) NIST Special Publications and Cyber Security Framework, CIS Controls, ISO/IEC 27000 series, and OWASP Top 10.
• General knowledge of laws and regulations related to information security and relevant to the organization, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
• In-depth knowledge in auditing and third-party risk assessment