Summary

Responsible for supporting cybersecurity initiatives and business processes. Provides support for cybersecurity certification and compliance efforts (ISO, SOC 2, Sox, etc.), cyber and privacy awareness training program initiatives, Helpdesk and general IT security related functions including but not limited to training, project team compliance coordination, policy review and enforcement. Excellent organizational, analytical, communication and documentation skills are required.

Job Description

Essential Functions

• Monitor helpline and reporting channels, applying standard operating procedures to determine next steps.
• Assist in the development, maintenance and execution of tools and processes to streamline and automate activities.
• Analyze processes and provide recommendations to improve efficiency.
• Develop and deliver materials for the enterprise Information Security awareness, communication, and education programs.
• Provide excellent customer service in support of program activities.
• Develop and maintain an ongoing relationship with control owners and key stakeholders including Information Security, IT, business lines, Internal Audit, and external third parties.
• Coordinate and facilitate with various groups to achieve end goals timely.
• Assist with the maintenance and update of program documents.
• Perform ongoing education and training in Information Security related areas.
• Compile results into reports or analytical products as required.
• Prepare metrics and analytics to support key functions.
• Coordinating ISMS activities with project team.
• Ensuring compliance to privacy regulations and contractual stipulations.
  

Job Complexities

• Tasks will vary from structured (answering helpline/data analysis) to creative (maturing training and awareness initiatives)
• Ability to correlate data from logs or activities to enable quantitative analysis and metrics
• Tasks can require originality and ingenuity to evaluate risks and determine appropriate and cost-effective controls to mitigate risk
• Attention to detail is a key success factor (accuracy outweighs speed)
• Participates in brain-storming discussions and does act in an advisory capacity
• Focus of interaction is with IT personnel including control owners and key stakeholders

Knowledge and Skills/Technology Used

• Knowledge of and familiarity with IT and Information Security control standards and frameworks (NIST, ISO27001, SSAE16/SOC1/SOC2, etc.)
• Proficient in Microsoft Word, Excel, and PowerPoint
• Team player with positive energy and strong customer service skills
• Ability to work independently and demonstrate initiative
• Ability to effectively manage multiple tasks
• Ability to work effectively with internal and external (clients, partners, etc.) at all levels
  

Typical Education

• Bachelor’s Degree or equivalent experience

Typical Range of Experience

• College graduate or a minimum of 2 years relevant work experience in Information Security, IT Risk Management, IT Governance, IT Audit, or Insider Threat

License or Certification

• Relevant, industry recognized security certification such as Security +, CISA, CISM (optional)

EEO Non-Discrimination and ADA Reasonable Accommodation Statement:
Applicants are considered for all positions without regard to race, religious creed, color, age marital status, sex, sexual orientation, gender identity, gender expression, citizenship status, national origin, ancestry, religion, military service or veteran status, disability, medical condition, childbirth and related medical conditions, genetic testing, reproductive status or any other classification protected by federal, state or local laws and ordinances. Willdan does not discriminate on the basis of physical or mental disability where the essential functions of the job can be reasonably accommodated. Determinations on requests for reasonable accommodation will be made on a case-by-case basis. If you need reasonable accommodation for any part of the application and hiring process, please notify us.

Willdan Group, Inc. participates in E-Verify.