Lead IT Security Engineer / Manager

This is a direct to permanent employment role at one of our clients in Downtown Chicago. Reporting directly to the CISO

People interested in these titles should apply:

• Lead IT Security Strategist
• Lead IT Security Engineer
• Senior IT Security Engineer- Team Lead
• IT Security Manager

Location: on Wabash avenue in Chicago. A beautiful location next to the river. 3 days a week onsite. flexible days

Estimated Salary: $150,000-$160,000 + 9% bonus (negotiable)

Overview:

This role will serve as the primary backup for CISO. This individual will be groomed for movement into a CISO role at some point.

This role will provide subject matter expertise on the research, design, implementation, and operation of technical and process security controls. Develops strong relationships across the IT department and with business unit teams; serves as a trusted advisor to assess security risk in technology selection with an appropriate balance that supports business outcomes. Responsibilities include data security, collaboration with the security operations team, and maintaining the broad suite of information security infrastructure, and all associated contracting, policy, and regulatory compliance implications. Keeping abreast of current threat activities and trends through active participation within governmental and industry-leading organizations to research, prepare, and maintain strategic roadmaps incorporated into the Information Security Program. Lead or assist with security incidents and compliance investigations and produce timely and clear reporting to both technical and senior business leader audiences.

This is not day to day security ticket management.

Essential Functions/Responsibilities:

System/Network/Application Security 40%

• Research, design, evaluate, and test the security of applications, systems, and networks to ensure the operational effectiveness of technical controls implemented by the organization; purpose-built security tools such as data loss prevention, logging and event management, enterprise encryption systems and also security controls embedded in enterprise systems and applications such as authentication and access controls
• Responsible for the effective use of cybersecurity systems including enhancements, upgrades, and lifecycle management through relationships with product and service vendors
• Ensure the technical integration of security components within the company to optimize the value and control benefits including ease of use, effectiveness, and breadth of coverage

Technology Risk Management 25%

• Assess technical risks in the company both pre and post-production through the Software Development Lifecycle (SDLC) and Change & Release Management Boards; communicate identified risks and recommend solutions
• Manage the research, appropriate response, and remediation of malicious and inappropriate activity; ensure consistency of the risk assessment approach across the organization
• Support policy updates; research and recommend changes to maintain strong security posture relative to enterprise architecture standards, cloud strategy, and AI implementations

Service Delivery 25%

• Manage continuous process improvement to identify technical or process enhancements in the delivery of IT Security services to increase service quality
• Prioritize improvements on a cost/benefit basis, communicating opportunities to management.
• Serve as backup and/or escalation point in the fulfillment of IT Security service requests

Project Management 10%

• Manage IT Security-led projects following applicable project governance processes, including Software Development Life Cycle; ensure successful project outcomes, such as completing projects within time and budget tolerances
• Support new software, data, and service provider product and contract reviews

Candidate Profile:

1. Minimum 10+ years engineering/design experience with a mix of the following security platforms is required: network and application-layer firewalls and secure network design; infrastructure and application-layer vulnerability management, security information and event management (SIEM); Security, Orchestration, Automation and Response (SOAR), data loss prevention (DLP); enterprise encryption solutions for database, file systems and data in motion; Internet/Web Gateway; end point security controls (such as anti-virus, anti-malware XDR, host-based firewall, and full disk encryption solutions); and intrusion detection and prevention systems. Knowledge of Attack and Penetration methodologies, tools, and techniques
2. Minimum 5 years conducting infrastructure and application project design reviews Engineering/design experience with a mix of infrastructure technologies
3. Working knowledge of security scanning and analyzing tools; Commercial Application and Infrastructure/Operating System and Opensource Vulnerability scanning/management, etc.
4. Security within a Microsoft environment is required
5. Palo Alto experience is highly preferred but not required.
6. Polished verbal and written communication, interpersonal, analytical, and organizational skills, attention to detail, and a high level of integrity are required
7. Strong business acumen. Ability to understand the organization's various business functions and their objectives
8. Professional IT Security and IT Audit certifications such as CISSP, CISM, CEH, CISA, and/or technical certifications preferred
9. Experience with IT security standards, such as CIS Top 20, ISO 27001, NIST CSF, NIST 800-53, HITRUST, MITRE, OWASP, CWE/SANS Top 25 Programming Errors, and attestation reports such as SOC 1/2/3 and technology risk management methodologies, such as NIST 800-30 preferred.