Senior Security Compliance Engineer

Arch Capital Group Ltd. Farmington , CT 06030

Posted 2 months ago

The Position

The Senior Security Compliance Engineer will provide leadership, oversight, and hand on delivery of the IT Security solutions across different areas like infrastructure, network, and identity for the Arch Reinsurance Group worldwide. The individual will be responsible for working closely with the Reinsurance Infrastructure team, Security team and Shared Service team to provide comprehensive solutions to ensure compliance on security requirements. The individual will report to the Reinsurance VP of IT & Security Assurance and be responsible for security across multiple production environments in the cloud and on-prem, including ensuring conformity to IT Security Requirements and Best Practices (CIS, NIST, CSA). Travel up to 25% may be required. Position can be based in Farmington, CT, Morristown, NJ, or remote.

Job Responsibilities

  • Work with multiple operational infrastructure
    etwork teams, and ensure that we have secure-by-default systems.

  • Use your technical expertise to cultivate pragmatic engineering decision-making and sustain high engineering standards.

  • Supports the implementation and maintenance of assigned information security solutions to ensure successful deployment and operations; develops and documents detailed standards (e.g., guidelines, processes, procedures).

  • Design and implement solution on security controls to achieve desired risk mitigation results.

  • Monitors existing security controls, assesses gaps and recommend improvements to the IT environment.

  • Coordinate penetration testing, simulating an attack on the system to find exploitable weaknesses, and monitors networks and systems for security breaches.

  • Collaborate with other IT teams including Engineering to design and implement remediation solutions.

  • Provide support in the event of escalated security incidents (diagnose, troubleshoot, and resolve issues).

  • Support the implementation of hardware and software changes into environments to ensure security requirements are met.

Required Skills/Experience

  • 7+ years of work experience in implementing and supporting network infrastructure for large enterprise networks including data centers and hybrid-cloud environments

  • 2+ years of hands on experience as a network engineer with moderate-size operational network (hundreds of devices).

  • 2+ years of security engineering experience

  • 2+ years of experience with firewall technology (Palo Alto, Cisco)

  • Knowledge of scripting languages (PowerShell, python, etc.)

  • Basic knowledge of network protocols

  • Basic knowledge of physical and virtualized networking fundamentals, such as routing, switch, network configuration in VMware and Citrix

  • 1+ year of experience in database technologies

  • 1+ year of experience in software development

  • Certification Requirements:Preferably two or more of the following

  • CEH - Certified Ethical Hacker

  • ISSAP - Information Systems Security Architecture Professional

  • ISSEP - Information Systems Security Engineering Professional

  • CISSP - Certified Information System Security Professional

  • CIS - Certified Information Systems Auditor (CISA)

  • CCNP - Cisco Certified Network Professional

  • F5-CTS Certification

  • PCNSE - Palo Alto Certified Network Security Engineer

  • Cisco CCIE Security

Desired Skills/Experience

  • Experience must include familiarity with applicable NIST, ISO, and CIS information security documentation

  • 3+ years of working hands-on experience in the following:

  • Identifying, exploiting, and remediating Network attacks

  • Network auditing and monitoring including SIEM experience

  • Active Directory

  • Cloud Security (AWS and Azure)

  • Recommending, communicating, and tracking remediation of IT Threats

  • 2+ years of experience with Next Generation Firewall

  • 2+ years of implementing network segmentation

  • 2+ years of experience with micro-segmentation platforms, such as VMware NSX or Cisco ACI

  • 2+ year of implementing and administration of Network Access Control solutions such as Cisco ISE

  • Strong knowledge of F5 load balancers, TACACS, etc.

  • Hands-on experience with Cisco Nexus and Catalyst Series switches design and implementation

  • Deep understanding of various network protocols and technologies such as OSPF, BGP, MPLS, VxLAN, etc.

  • Strong understanding of Network monitoring, analysis, and familiarity with tools such as Cisco DNA Center, Cisco Prime, Solar Winds, etc.

  • Experience with SD-WAN support and implementation

Education

  • Four year Computer Science, Engineering, Cybersecurity, or related field degree (Bachelors) is preferred

The Company

Arch Capital Group Ltd. is a Bermuda-based company which provides insurance, reinsurance and mortgage insurance on a worldwide basis. Arch Capital Services LLC provides support and expertise to entities across ACGL to help them operate effectively and efficiently. Arch is committed to helping its associates create what's next by providing access to a variety of programs supporting your professional development and a culture that encourages innovation, collaboration and professional growth. We seek talent that thinks innovatively, values collaboration and will go the extra mile to serve our customers and develop our company.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Manager IT Risk And Compliance

Arch Capital Group Ltd.

Posted 2 months ago

VIEW JOBS 9/15/2021 12:00:00 AM 2021-12-14T00:00 The Position The Reinsurance IT Risk and Compliance Sr. Manager will provide leadership, oversight, and delivery of the IT audit and control compliance function for the Arch Reinsurance Group worldwide, liaising closely with other IT and business management, individual contributors, and customers. The individual will report to the Reinsurance VP of IT & Security Assurance and be the main point of contact for all IT and Business Audits and compliance-related activities including leading the IT control assessments (SOX, IA, Regulator, etc.) and customer information security due diligence reviews. The individual will also be responsible for managing the internal tools for managing user access and control process narratives. Travel up to 25% may be required. Position can be based in Farmington, CT, Morristown, NJ, or remote. Job Responsibilities * Individual contributor working closely with different teams within Arch and with outside consultants to deliver on risk and compliance goals. * Participate in review and audit activities, including SOX, Local Regulator, internal controls, and internal audits, as the central point of contact. Take ownership of open items and manage the remediation till closed. * Participate in M&A's IT due diligence, security assessments, and integration activities. * Manage the users' access review process over critical IT systems and file shares. * Conduct third-party security assessments and participate as a member in Risk Committees. * Ensure internal IT & Security controls process narratives, descriptions, attributes, and owners are kept up to date in the internal controls and audit management system. * Manage the change control/program code change review process over critical IT systems production environments for segregation of duties conflicts * Manages requests from the business for security assessments of the Arch Reinsurance Group worldwide. * Deliver regular reporting to senior management regarding IT Compliance matters. * Provide advisory support and education relating to IT risk management and compliance to leaders responsible for identification, management, and monitoring of IT risks. * Lead the efforts to proactively identify changes to the risk and regulatory IT compliance environment of Arch Reinsurance Group; communicate this to Privacy and Security representatives. * Monitor the performance and completion of IT risk-related remediation activities. * Coordinate the reviews and implementation of new or existing policies, standards guidelines, and procedures annually. * Collect, analyze and distribute key information security metrics. Required Skills/Experience * Minimum of 8+ years' of experience in a combination of audit, compliance, risk management, information security, and information technology fields. * 3+ years' of experience in a leadership role - employment history must demonstrate increasing levels of responsibility. * Demonstrated experience of relevant legal and regulatory requirements, such as SOX 404, SOC 1 and 2, GDPR, NYDFS, and other regulations and guidelines. * Possess the following certifications: CISA, CRISC, CISSP, CPA, and CIA preferred. Desired Skills/Experience * In-depth knowledge and experience of Sarbanes-Oxley, ISO 27001, SOC 1 and SOC 2. Knowledge of related standards such as PCI-DSS is required. * Individual with excellent relationship and personable skills who has mastered the art of influencing others to deliver on the stated goals. * A thorough understanding of the relationship between Risks and Controls along with a grasp of prioritizing remediation efforts. * Well-rounded understanding of technology, operations, security, and key business processes. * Excellent inter-personal skills, able to work independently and a key contributor in a team environment. * Familiarity with DevSecOps processes is preferred. * Excellent analytical and problem-solving abilities and process oriented. * Excellent written and oral communication skills. * Effective leadership and motivational skills. * P&C Insurance and Reinsurance industry experience required. Education * Bachelors' degree in Information Security, Computer Science, Accounting, or related field required. The Company Arch Capital Group Ltd. is a Bermuda-based company which provides insurance, reinsurance and mortgage insurance on a worldwide basis. Arch Capital Services LLC provides support and expertise to entities across ACGL to help them operate effectively and efficiently. Arch is committed to helping its associates create what's next by providing access to a variety of programs supporting your professional development and a culture that encourages innovation, collaboration and professional growth. We seek talent that thinks innovatively, values collaboration and will go the extra mile to serve our customers and develop our company. Arch Capital Group Ltd. Farmington CT

Senior Security Compliance Engineer

Arch Capital Group Ltd.