Strategy & Planning:
- Develop, implement, and monitor a comprehensive security program and policies focused on ensuring the availability, confidentiality, and integrity of owned information that is controlled or processed
- Design and implement an effective corporate-wide security awareness training program
- Act as Point of Contact by engaging in ongoing communications with peers, senior IT management as well as
the various business groups to ensure enterprise wide understanding of security goals
IT Operation Management:
- Procuring and managing IT inventory (quoting, receiving goods, software management/license compliance, etc.) and update documentation
- Managing and monitoring all end-user devices via MDM (i.e. Moysle, Maraki, Jamf or similar) and ensuring all devices are kept up to date
- Owning and managing a suite of SaaS tools such as OneLogin, GSuite, MS Office, Slack, RingCentral and more as well as integrate new SaaS tools
Application Security:
- Own Security in SDLC, Security Reviews, Vulnerability Scans, Code Analysis
- Build and drive security roadmap items
- Organize application Pen Testing and remediation process
- Respond to Security questionnaires
Application Security:
- Own Security in SDLC, Security Reviews, Vulnerability Scans, Code Analysis
- Build and drive security roadmap items
- Organize application Pen Testing and remediation process
- Respond to Security questionnaire
- Create and maintain a Risk Register and conduct Risk Assessments
- Lead certification efforts and audits around ISO, SOC etc.
- Maintain agreements and inventory of sub-processors (location, business purpose, data shared with, etc.)