1. 14-18 years of progressive information security experience across various information security / information technology risk management domains such as but not limited to: application security, infrastructure security, identity and access management, vulnerability and cyber threat management, security architecture, etc.
2. 2-4 years vulnerability and Penetration testing audits and assessment experience required
3. 2-4 years information security threat modeling and information risk modeling experience required
4. Previous knowledge and expertise in designing information technology and security controls across complex and diverse networks, applications and infrastructures
5. Technical aptitude and critical thinking skills while having the ability to think outside the box, demonstrated ability to solve complex information security problems, ability to observe security risks and weaknesses and provide security recommendations to respective project teams
6. Ability to translate technical risk issues and distill such issues to common IT business leaders and upper management
7. Ability to author security risk reports and clearly articulate such risks in both report writing and presentations to diverse IT audiences and senior management
8. Subject matter expert (SME) across the entire IT stack as well as diverse IT systems, networking and security components, applications, and operating systems. Solid understanding as to how to mitigate risks with common controls such as WAFS, IDPSs, MPSs, AWL, etc.
9. Ability to think strategically, strong attention to detail and organization skills
10. Understanding of information risk management frameworks, regulations, data protection guidelines and standards
11. Experience with working on global teams across time zones, cultures and languages
12. Bachelors degree in Computer Science or Engineering related field required
13. Minimum one (1) CISSP, CEH or other relevant security certification required