Assist the Cyber Governance Manager (“Manager”) with the execution of NIST Cybersecurity framework for risk management through the identification, assessment, maturity measurement, monitoring and management of cyber risk across Securus and the subsidiaries. The role is responsible for the Cybersecurity program governance activities including security requirements management, risk assessments, training and awareness, policy and standards management, and KPI/metrics reporting.
- Be a champion for the CyberSTARR (Cyber Security Technology Assessment Risk Reduction) program.
- Design cybersecurity requirements for adoption by the EPMO during planning, functional, technical requirement phase, user story creation, grooming, and design
- Lead and assist Business and IT team with designing the environment to conform to the Securus Cybersecurity NIST CSF.
- Conduct information systems, process, and vendor risk assessments using the NIST CSF
- Conduct the 2nd line of defense security assessment, identify trends, and generate executive level and actionable reports on findings.
- Lead efforts in identifying, managing, configuring, and monitoring vulnerability/penetration assessments tests and Plan of Action & Milestones
- Implement key performance and metrics across the Cybersecurity program.
- Promote and facilitate cyber risk, security awareness, phishing campaigns, security newsletters publications, and training programs.
- Work with the Sales Team to analyze security questionnaires and provide a timely response to all RFPs.
- Manage vendor relationships and maintain an IT Vendor Management Office by ensuring core security requirements and thresholds are baked in all contracts.
- Conducts periodic security reviews and monitoring of vendors and outsourced activities to ensure contractual commitments are met consistently.
- Create a detailed Security assessments/characterizations playbook for all technology acquisition. Provide security advice to all teams engaged in the integration.
- Serve as primary liaison between Cybersecurity team and Business Stakeholders
- Work closely with leaders across functional areas to ensure security standards, policies, and procedures are deeply embedded and understood.
Knowledge, Skills, and Abilities:
- Occasional travel to subsidiary offices across North America may be required.
- Prioritize work activities and use time efficiently, work with urgent deadlines.
- Flexibility and adaptability in work approach
- Excellent influencing and problem resolution skills
- Must have very strong organizational skills.
- Excellent communications skills with the ability to express technical concepts effectively, both verbal and in written form
- Advanced Microsoft Office skills – PowerPoint, Excel, Outlook, and Word.
- Strong subject matter expertise in risk management, governance, risk and Compliance (GRC)
- Excellent problem solving, analytical, critical thinking, decision-making, communication, organization, task and time management skills.
- Ability to manage multiple, concurrent projects.
- Prioritize tasks, work independently, and meet deadlines with minimal supervision
- Proficient with Microsoft Office Suite
- Knowledge and experience with various standards (NIST CsF, PCI-DSS, SOX, FISMA, HIPAA etc.)
- Experience with risk-centric standards/frameworks
- Working knowledge of network infrastructure and security monitoring tools.
- 7+ years’ experience in Information Technology; 7+ in an Information Security role.
- Information Security certification required. Security certifications may include, but not be limited to CISSP, CISA, CISM, GSEC, Security+, and CEH.
- Experience with threat assessment, vulnerability analysis, risk assessment, information gathering, correlating and reporting
- 9+ years’ experience in Information Technology; 9+ in an Information Security role.
- Experience / Certification in project management.
- Industry standard Information Security Management Certification; i.e. CISSP, CISM
Standing, sitting, walking, speaking, listening, bending, reaching, pushing, pulling, lifting, grasping and manipulating tools, typing, using peripheral computer tools. May be required to lift up to 25 pounds. The Company’s policy is to provide equal employment opportunity to all individuals in all of its employment programs and decisions. Securus Technologies, Inc., and its Subsidiaries will not discriminate against any associate or qualified job applicant with respect to any terms, privileges, or conditions of employment because of that person’s race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic or status protected under local, state or federal law, ordinance or regulation.