Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enables trusted connections between companies and people at the moments that matter most. More information is available at https://www.home.neustar.
R-3257 Principal Information Security Specialist (Open)
Principal Information Security Specialist
Neustar's Information Security Governance, Risk & Compliance (GRC) Team is responsible for driving enterprise-wide GRC best practices and processes throughout the organization, while ensuring that leadership has the information needed to make strategic decisions for enablement in achieving global business objectives.
The Principal Information Security Specialist will be responsible for driving Information Security GRC best practices and processes throughout the organization, balancing business priorities, information security risks, emerging threats, and ensuring the confidentiality, integrity and availability of the company's networks, systems and applications.
The key requirements for this role include:
Demonstrate a strong knowledge and understanding of Information Security with respect to Confidentiality, Integrity & Availability.
Collaborate with global leadership teams to author, build, develop, implement and manage Security Policies, Standards and Guidelines.
Participate and provide key inputs in the overall GRC Vision and Cyber Security Program Development.
Work on GRC projects associated with Cyber Security Frameworks and Security Controls.
Operationalize various GRC capability areas (e.g. Enterprise Security Risk Management, Compliance Management & Policy Management) using a state-of-the-art automated GRC platform.
Understand business requirements to help design and implement GRC practices across the CISO Organization.
Lead, Maintain and Monitor Neustar's control framework, an extensive baseline security subset of control activities applicable to Neustar's product/service offerings.
Function as a GRC ambassador to internal customers.
Strong understanding of national and international laws, regulations, policies and ethics related to cybersecurity.
Function as a Subject Matter Expert (SME) providing solution designs and technical consulting services to mature compliance posture for Neustar's internal policies as well as with all applicable regulatory requirements including SOC II, state/federal/international data privacy laws, and NIST/CIS guidelines.
Lead Vulnerability, Systems Security, Information Security Control Assessments (e.g. CIS, NIST, ISO 27001, FedRAMP).
Solid understanding of Enterprise Risk Management (ERM) standards on how to identify, assess, mitigate, monitor, test and report on risks and controls required by the Risk and Compliance teams.
Work with Enterprise Risk Management (ERM) team to understand expectations for managing cross-functional risks and dependencies.
Ensure appropriate treatment of risk, compliance and assurance from internal teams.
Function as a negotiator for appropriate remediation plans for identified issues while maintaining strong relationships internally and externally.
Conduct Security Assessments related to Security Program and Controls.
Partnering with Internal Risk and Compliance, Data Privacy and Governance, CIRT, Identity and Access Management (IDM), Risk Assessment (RA), Security Engineering and Product Engineering teams to monitor and ensure compliance with standards, policies and procedures.
Partnering with CISO Organization to monitor, identify security gaps, evaluate and develop programs to enhance operational efficiency and also assist in redesigning the efforts to improve/automate control requirements.
Excellent command of Cybersecurity organization practices, operational risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies.
Experience with the assessment, implementation, management and documentation of a broad set of information security technologies and processes (e.g. application security, data protection, access management, network security).
Develop and maintain Information Security reference architecture documentation and diagrams.
Define metrics to track program progress and generate reports for executive leadership.
Ability to identify network attacks and system security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation.
Expertise in Agile, with the ability to work with at least one of the common frameworks.
Noted cybersecurity expert who remains up to date with the latest technologies and participates in multiple forums.
Additionally, this role will:
Study the company's architecture, platforms, and services identifying integration issues.
Act in an advisory capacity for Secure Software Development and Life Cycle (SSDLC) development.
Enhance department and organizational reputation by accepting ownership of information security initiatives; update job knowledge by tracking and understanding emerging security practices and standards; participate in educational opportunities; read professional publications; maintain personal networks and participate in professional organizations.
Desired Skills and Experience
Minimum 8+ years of industry experience, and minimum 2-4 years of experience working on Information Security Governance.
Experience working with business owners and 3rd party vendors to implement appropriate security controls.
Institutional knowledge of Neustar's security infrastructure and networks is a plus.
Strong analytical and technical skills with the ability to parse requirements and relate them to appropriate security controls.
Conceptual, analytical thinking and sound judgement with strategic orientation towards business objectives.
Ability to work in a fast-paced, complex and dynamic environment, handling multiple projects simultaneously while demonstrating ownership to drive towards project completion.
Ability to engage at all levels of the organization to organize, drive and communicate results.
Excellent verbal and written communication skills along with presentation skills at varying levels of management, senior and executive leadership.
Collaborative team player with a positive attitude to learn and share.
Working with Security Risk Management Frameworks including regulatory compliance requirements (CIS CSC, NIST CSF & 800-53, ISO 27001, FedRAMP, etc).
Design, engineering and administration of GRC Automation Platforms (RSA Archer, ServiceNow or SAP).
Security Vulnerability testing solutions (Nessus, AWS, Nexpose).
Cloud Security (AWS, Google, Azure).
As a security practitioner/specialist in client-facing roles in mid-size or large enterprises, with demonstrated client-facing consulting skills, including building strong client relationships.
Working skills in Microsoft (Excel, PowerPoint, Word & Visio).
Good to have an understanding of:
Identity and Access Management solutions (Sailpoint, ForgeRock, CyberArk).
Security Logging and Monitoring solutions (FireEye, Trend Micro, CrowdStrike, Splunk).
Network & Security Engineering technologies (Router, Firewalls, Load Balancers, IDS/IPS, Proxy, E-Mail Security, LAN, WAN, VPN and Micro-Segmentation Concepts).
Mobile device security and mobile device management solutions.
Knowledge of Cloud Security Alliance (CSA) best practices and guidelines.
Education and Certifications
4-year degree in Information Technology, Computer Science, or related field.
Master's degree preferred.
Preferred Security Certifications (CISSP/CRISC/CISM/CISA/CCSK/AWS) or eligible to obtain certification within one year from date of hire.
Work Schedule: Shift (Monday - Friday). May be requested to work evenings and weekends to meet project deadlines.
Travel: Less than 10% as needed by the business.
Neustar does not accept unsolicited resumes from external firms or agencies. Neustar will not be responsible for placement fees associated with unsolicited resumes.
Diversity, inclusion and teamwork are second nature to Neustar; and these values permeate our entire business structure. Neustar is committed to creating an environment where a wide spectrum of opinions and beliefs are actively sought, listened to and respected. Further, our talented workforce draws from the many geographic areas and markets in which Neustar operates worldwide, which represents a distinct competitive advantage. The rich and varied personal and professional backgrounds of our employees make Neustar a dynamic and rewarding company at which to build a career. We invite you to join us.
EOE of Minorities/Females/Vets/Disability
Neustar, Inc. considers all applicants for employment without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, or status as a Vietnam-era or special disabled veteran in accordance with federal law and other state and local requirements. Neustar, Inc. complies with applicable state and local laws prohibiting discrimination in employment and provides reasonable accommodation to qualified individuals with disabilities in accordance with the Americans with Disabilities Act (ADA) and applicable state and local laws.