Security Governance Engineer II
Location: Overland Park, KS
Responsible for developing and executing risk, compliance, and privacy programs and for developing security policies, standards, and best practices. Responsible for the development and oversight of security requirements for new initiatives and for the modification and ongoing support of existing initiatives. Responsible for performing security-based risk assessments of internal controls and processes, third-party service providers, and business- and technology-sponsored projects and initiatives. This includes working with stakeholders to develop contractual security requirements, performing security assessments, and reporting assessment results to management in a timely manner.
- Liaise between business, IT, and security teams to ensure the needs of each are understood by all.
- Develop policy and standards to support risk and compliance objectives.
- Perform security risk assessments on enterprise systems, applications, and projects.
- Collaborate on business and IT projects to ensure security requirements are addressed throughout the project life cycle.
- Coordinate and execute risk assessments on third parties.
- Coordinate and execute processes to ensure compliance with SOX IT controls, PCI, DoD CMMC, and CCPA.
- Maintain the information security risk register and any associated issues or findings.
- Report on the status of the program and provide supporting metrics.
- Coordinate and deliver security awareness tests and training.
- Apply expert knowledge of information technology and security concepts and principles to relate business needs to appropriate security solutions.
- Actively coach level one engineers, providing feedback as necessary.
- Assist with strategy/roadmap and identify and recommend new technology solutions to meet business needs.
- Minimum of three (3) years of IT security risk or compliance experience.
- Degree in Computer Science, Information Technology, or a related discipline from an accredited college.
- Intermediate knowledge and understanding of risk and compliance programs, practices, and frameworks, including Sarbanes-Oxley (SOX), PCI, NIST, and North American privacy laws.
- Strong conceptual knowledge of information technology and security controls.
- Knowledge of the fundamentals of project management, and experience with creating and managing project plans.
- Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience, and build long-term relationships.
- Demonstrated knowledge of the information security discipline via relevant industry certifications such as CISA, CRISC, or equivalent.
- Experience with GRC platforms.
- Hands-on experience with security technologies, especially in identity and access management.