Title: Information Risk Security Specialist
Location: Seattle, WA
Duration: 6 to 9 Months + Contract to Hire
Position Purpose:
Seeking an experienced, detail-orientated, and motivated Information Risk Security Specialist to monitor and oversee the Information Security program and activities of Avanade, protecting the confidentiality, integrity, availability, and accountability of Avanade’s assets.
Key Responsibilities:
Assisting in maintaining the security and health status of Avanade’s systems by supporting the following tasks:
Establishes and maintains the annual Information Security Risk Assessment for the entity
Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
Identify and evaluate complex technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement
Understand complex business and information technology management processes
Facilitate the use of technology-based security testing tools or methodologies, synthesize results and make recommendations for technical remediation
Understand the fundamentals of risk management and use the organization’s risk management framework to risk-rate issues and vulnerabilities, effectively negotiate risk levels and response, and complete the required information security
Skills/Knowledge:
Strong Knowledge of Microsoft Technologies
Strong Knowledge of Cloud Technologies i.e. IaaS, SaaS, PaaS, Public, Private, Hybrid
Collaboration: Leverage others (people, group, services) to achieve maximum results. Use collaboration tools effectively to support the process
Ability to work with teams both on shore and off shore, using remote collaboration technologies
Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Experience in full project life cycle and application development desired
5 or more years in system security, controls or information management experience
Familiar with security industry standards (ISO 17799, ISO 27001/2, ISO 31000, NIST 800 series, etc.)
Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
Familiar with regulatory (GLBA, SOX) and standards-body based requirements (ex: PCI) for protecting information
Implements security improvements by assessing current situation, evaluating trends and anticipating requirements
Highly motivated and organized with excellent time management and problem solving skills
Demonstrated ability to write business and technical reports and participate in presentations
Influencing experience at senior levels within an organization
Excellent verbal and written communication skills
Proficiency in spreadsheet and word processing applications
Industry experience in high-tech preferred
Minimum years of experience:
A minimum of five years of experience in Information Security with SANS and/or CISSP accreditation
Bachelor's degree in Information Technology or Business Administration or a related discipline, or equivalent work experience