Lead Red Teamer/Pen Tester
Company: Hays Recruitment
Location: Raleigh
Posted on: March 18, 2023
Job Description:
The end client is unable to sponsor or transfer visas for this
position; all parties authorized to work in the US without
sponsorship are encouraged to apply.
An American Company is seeking a Lead Red Teamer/Pen Tester in
Raleigh, NC.
Roles & Responsibilities
---A successful candidate needs to be highly collaborative in
nature, able to build strong partnerships and leverage
relationships to help further mature security and data privacy,
while keeping an eye on emerging risks and threats.
In this role, you will...
---The Sr. IT Audit Manager position is responsible for performing
Cyber, Privacy and Infrastructure Security and Controls review
audits throughout the organization globally. This role will perform
reviews against known Security Frameworks (such as NIST, ISO 27000
series, GDPR, etc.) across all 5 main stages in the security
lifecycle, i.e. Identify, Protect, Detect, Respond and Recover.
This role will also perform Data Privacy reviews against various
Privacy Standards (e.g. GDPR, CCPA, China Cybersecurity/CPCS,
etc.)
---This role will also be instrumental to identify vulnerabilities
and gaps and make IT, R&D and the business aware of risks and
issues identified to strengthen the overall security posture of the
organization.
---Review Security policies, standards and technical controls
related to infrastructure, application, database, cloud, network
devices (Firewalls, routers, switches, wireless access points) and
participate in various security improvement/optimization
initiatives.
---Be a 'Trusted Advisor' on Cybersecurity, Data Privacy and
Infrastructure to the organization (e.g. IT, R&D, Security,
Operations, etc.) whose feedback and input are frequently sought on
these topics
---Continuously act as a Cybersecurity and Data Privacy Advocate
within the organization, constantly helping to raise awareness,
educating groups about risks and being proactive in helping the
company protect against new threats
---Responsible for Privacy audits and data privacy compliance work
performed by Internal Audit (IA)
---Support IT infrastructure and technology teams with multi-year
Digital Transformation initiative, in a consultative and audit role
to support this important strategic initiative. This could include
areas such as Infrastructure, Security, Privacy, Identity & Access
Management (IAM), Multi Factor Authentication (MFA), etc.
---Lead or participate in Cyber risk, Privacy and Intellectual
Property (IP) Protection forums, participate in our Security
Council meetings within company, with linkage to our Enterprise
Risk Management (ERM) program
---Identify new Cybersecurity threats, risks and issues by
performing hands-on reviews (e.g. pen tests) and making management
aware to remediate these issues.
---Provide support to our Digital Transformation initiative and
audit and advise on technology risk related matters, e.g. customer
experience, technology changes, Identity & Access Management (IAM),
Data storage and privacy, etc.
---Assist IA or Security team with Investigations related to
Cybersecurity, Data Privacy or Infrastructure as necessary to
identify root causes and provide suggestions on next steps and
remediations required
---The Sr. IT Audit Manager will perform hands-on security reviews,
network and infrastructure penetration testing (external and
internal) based on approval from company and according to our audit
plan to provide best practice advice and recommendations.
---The Sr. IT Audit Manager, Security & Privacy will perform
reviews and provide advice of all aspects related to Security,
including but not limited to: Policies, Standards, Technical
Controls, Security Governance, Vulnerability Management, Identity
and Access Management, Risk Assessment, Data Security, Alerts &
Monitoring, Incident Response Management.
Skills & Requirements
---Bachelor's degree in computer science, information systems,
business administration or related discipline is required
---10-12+ years of relevant experience, i.e. Information System
Audit and hands-on Information Security and Data privacy
experience, including Cybersecurity incident response, SIEM,
disaster recovery and business continuity management, identity and
access management, information privacy, security operations center
management and security architecture, with progressive
responsibility
---Public Accounting Big 4 Audit experience highly desired
---CISSP, CISM certification required
---Other certifications preferred: (e.g., CISA, CPP, CRISC, CEH,
AWS, Azure)
---Data privacy qualifications preferred (e.g. CIPM, CIPP,
CDPSE)
---Strong knowledge & prior experience with PCI compliance
---Prior experience in managing and auditing Cloud security and
Third Parties
---Deep hands-on technical infrastructure and security experience,
including but not limited to: Security Penetration Testing, Cloud
systems, Oracle and SQL databases, Linux, UNIX, Windows operating
systems, TCP/IP networks, Firewalls, Routers, Switches, VPN,
Wireless networks, etc.
---Deep working knowledge with Privacy standards globally including
GDPR, HIPAA, China Cybersecurity laws, etc.
---Experience with Security and Privacy reviews and standards, e.g.
designing and implementing programs to secure and maintain systems
consistent with principles embodied in ISO, SOX, NIST, SSAE, HIPAA,
PCI, FedRAMP, FISMA, GovCloud, FIPS, and comparable US and
international standards and frameworks
---Knowledgeable of data interrogation tools (e.g. IDEA, ACL) or
SQL
---Excellent interpersonal, written and verbal communication
skills, i.e. effective presentations to all levels of management up
to and including Board and C-levels.
---Ability to manage multiple tasks concurrently with limited
supervision
---Ability to effectively engage and communicate as directed with a
variety of audiences both technical and non-technical staff.
---Must be able to explain complex systems and technical topics to
others who may have minimal technical knowledge using oral, written
and visual presentations
---Strong analytical skills. Ability to process and analyze
information and develop a related action plan
---Excellent MS Office skills, including Excel and Visio
Why Hays?
You will be working with a professional recruiter who has intimate
knowledge of the industry and market trends. Your Hays recruiter
will lead you through a thorough screening process in order to
understand your skills, experience, needs, and drivers. You will
also get support on resume writing, interview tips, and career
planning, so when there's a position you really want, you're fully
prepared to get it.
Nervous about an upcoming interview? Unsure how to write a new
resume?
Visit the Hays Career Advice section to learn top tips to help you
stand out from the crowd when job hunting.
Hays is an Equal Opportunity Employer including
disability/veteran.
In accordance with applicable federal and state law protecting
qualified individuals with known disabilities, Hays U.S.
Corporation will attempt to reasonably accommodate those
individuals unless doing so would create an undue hardship on the
company. Any qualified applicant or consultant with a disability
who requires an accommodation in order to perform the essential
functions of the job should call or text 813.336.5570
Drug testing may be required; please contact a recruiter for more
information. #1148417