Security Risk Specialist III

United States - Remote

Full Time Senior-level / Expert
Rackspace
As a cloud computing services pioneer, we deliver proven multicloud solutions across your apps, data, and security. Maximize the benefits of modern cloud.

Overview:
Acts as an advocate in the development of overall information security programs globally
Creates and performs global IT Risk and Compliance assessments
Assists in the development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making
Little instruction on daily work, general instruction on new assignments
Fluency in both Spanish and English is required

You Will:

  • Uses best practices and knowledge of internal or external business issues to improve products or services
  • Acts as a resource for colleagues with less experience
  • Collaborates across the organization to execute and mature the Risk Assessment process, including developing all necessary charters, processes, methodologies, and reports.
  • Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team
  • Adapts and creates processes as applicable, including changes in processes or reporting metrics
  • Acts as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering
  • Executes internal customer audits which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers
  • Responsible for adhering to company security policies and procedures as directed
  • Conducts annual audits for industry-specific reports, including ISO 27001, ISO 9001, ISO 14001, ISO 18001, IRAP-AUS, Cyber Essentials+, NHS-DSP, SOC1, SOC2, SOC3, PCI, HIPAA, HITRUST, CyberGRX, SIG, NIST 800-53, NIST CSF.
  • Conducts annual audits for industry-specific reports, including FedRAMP, CDSA, DoD (applies to government team)
  • Promotes Cybersecurity Awareness and Education and supports key functions
  • Where ideal solutions cannot be found, identifies and reports enterprise-level risks and failures to management for escalation
  • Promotes sharing of expertise through consulting, presentation, and documentation
  • Assists in training other Information Security, IT Risk, and compliance staff
  • Communicates the value of IT Risk, Compliance, and Information Security within the organization
  • Continuously validates the organization against additional mandates, as developed, to ensure full compliance
  • Coordinates cross-functionally to ensure a holistic approach to security and compliance across the organization
  • Evaluates, monitors, and ensures compliance with IT Risk and Information Security policies, standards, guidelines and relevant legal and regulatory requirements
  • Supports business partners where necessary in dealing with current and prospective clients
  • Develops appropriate data and analytics to communicate risk at the executive level
  • Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties
  • Conducts risk assessments and documents findings where a deviation from an information security or IT Risk policy or standard is desired
  • Creates risk remediation plans with business owners and follows through in the implementation of changes
  • Documents findings where deviations exist through internal or external testing
  • Develops internal control testing and documented processes
  • Updates internal control matrices where necessary to support annual changing environments

You Have:

  • 5 years of related experience is required
  • Fluency in both Spanish and English is required
  • Practical information security experience in developing and maintaining secure architectures for large enterprises is preferred.
  • Mastery knowledge of IT General Computing Controls
  • Strong knowledge of IT General Computing Controls
  • Functional knowledge gained through an IT Risk Management, Governance, Risk and Compliance, Information Security, Data Privacy, Vendor Management, and/or Business Continuity Management role in a global organization, professional services/consulting firm, or within a related industry
  • Working knowledge of IT network security, Data Center operations, build pipeline, and cloud infrastructure security. Strong knowledge of application and system vulnerabilities and exposures
  • Knowledge of basic system, network, operating system hardening techniques, and SDLC Development methodologies
  • Excellent knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation)
  • Strong knowledge of network architecture concepts including topology, protocols, and components
  • Knowledge of network communication protocols and directory services
  • Knowledge of network security architecture and associated risks
  • Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems
  • Strong knowledge of security policies and practices, including ISO 27001, Payment Card Industry (PCI), NIST 800-53 and other application frameworks
  • Familiarity with Vulnerability Scanners and Robotic Process Automation
  • Deep understanding of Cloud Computing technologies and migration challenges
  • Ability to implement security controls, SCTMs
  • Technology/software sales, consulting, or equivalent skills
  • Ability to architect/deploy/operate solutions built on Multi-Cloud Web Services
  • Ability to apply knowledge of vulnerability management, risk management assessment, and IA policy and procedures to develop, implement, and maintain a secure business environment
  • Excellent written and verbal communication skills
  • Excellent analytical skills to analyze and evaluate technical information
  • Advanced knowledge of IT auditing concepts
  • Experience with customer success and/or account management
  • Strong knowledge of compliance programs, policy management, Archer, security risk management, vendor risk management, and security awareness and education
  • Proficiency with MS Word, MS Excel, MS PowerPoint and MS Visio

Education:

  • High school diploma or equivalent required
  • Bachelor’s degree in Computer Science, Computer Studies, Information Technology, Information Security or a related field

Certifications:

  • CISSP, CISM, CISA, CCSP, Security+, Project+, PMP, CRISC, CTPRP, CTPRA, ITIL, GRCP, CGEIT, CSX-P and/or other similar security-based and/or cloud certifications preferred
  • Current enrollment in the course is acceptable

About Rackspace Technology:

We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.

More on Rackspace Technology:

Though we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.

Position is available for remote work in the following states unless otherwise specified.
Alabama, Arizona, Arkansas, California, Connecticut, Delaware, District of Columbia, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, Wyoming.
Job perks/benefits: Team events
Job region(s): North America