Job Description:
General Function / Summary:
The Principal Engineer, Information Security is responsible for building digital security protocols, operating a cyber security system and maintaining an IT security infrastructure for the CNG organization.
Essential Duties:
Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems.
Design computer security strategy and engineer comprehensive cybersecurity architecture.
Identify, define and document system security requirements and recommend solutions to management.
Configure, troubleshoot and maintain security infrastructure software and hardware.
Install software that monitors systems and networks for security breaches and intrusions.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
Manage third party IT Security vendor relationship.
Monitor systems for irregular behavior and set up preventive measures.
Educate and train associates on information system security best practices.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Liaise with external agencies, such as regulatory examiners and other advisory bodies, to ensure the organization maintains a strong security posture.
Maintain subject matter expertise to assist with security department’s law enforcement contacts and advise on insurance coverage levels related to cybersecurity threats.
Partner with internal stakeholders to identify information asset owners and classify data and systems as part of the information security framework.
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Analyze information security hardware and software to ensure maximum performance and provide technical and managerial expertise for the administration of security tools.
Minimum Education and Experience Required:
Bachelor’s degree in Computer Science, MIS, or equivalent experience
7+ years of experience in IT operational roles
Proven experience developing, operating and maintaining security systems
Extensive knowledge of operating system and database security
Proficiency in networking technologies, network security and network monitoring solutions
Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems and intrusion detection and notification systems
3+ years’ experience with cloud environments such as monitoring and deploying security controls in Azure and AWS.
2+ Experience with CICD coding pipeline strategies and working closely with the cloud and application teams.
2+ experience with metrics reporting, monitoring and governance experience for cloud environments. Ability to detect and report on security gaps.
In-depth knowledge of security protocols and principles
Ability to handle multiple projects and tasks simultaneously and collaborate with all areas of the organization
Excellent written and verbal communication skills
Experience managing IT budget and vendors
Proficient in Microsoft Office programs
Ability and willingness to consistently live and embrace our core values of accountable, inclusive, transparent, and focused