Carollo Engineers · 7 hours ago
Information Technology Cybersecurity Lead
Construction · Consulting
H1B Sponsor Likely
Responsibilities
Develop and oversee the implementation of process, procedure, and documentation programs designed to instill and enhance overall data and information security.
Conduct risk assessments, evaluate alternative strategies, develop recommendations, and ensure responsive communication with business representatives, security management, and third-party vendors.
Provide technical expertise and guide the administration of security tools that control and monitor information security and ensure Data Loss Prevention, Role Based Access Controls, and Identity Management.
Develop, direct, and improve the Data Protection (DP) and Data Loss Prevention (DLP) programs and associated governance activities including metrics, issue tracking and remediation, and programs supporting Client policies and standards.
Develop and maintain appropriate response playbooks, facilitate routine exercises, and ensure a sound communication process for all cyber risk/threat events.
Provide application and data security solutions to business units and project teams that enhance the ability to conduct business transactions in a secure manner.
Analyze application security needs based on the sensitivity or proprietary nature of the data, and ensure that all systems are utilized for management-approved purposes only.
Work with IT Leadership and Management to develop and execute Cyber Risk and Security strategy. Assist management in defining and setting appropriate, implementable policies.
Collaborate with IT groups (Technical Support, Applications, Infrastructure, Tools, etc.) for planning, designing, and testing on projects and initiatives.
Lead overall project initiative(s) and assist in planning, implementing, and testing company BC/DR efforts including, where appropriate, partnering with other IT functional leads and external service providers.
Assist in the development, maintenance and publishing of all corporate-level information security standards, procedures and guidelines, including compliance monitoring procedures; assist in resolving security policy issues and implementing security procedures.
Research, evaluate, recommend, plan implementation of, and test new or improved information security software or devices; analyze new or enhanced software application or tool implementations for impacts to existing security software and devices.
Communicate unresolved security exposures as well as misuse or noncompliance situations to management; recommend and implement remedial measures.
Participate in investigations of suspected information security issues or in compliance reviews as requested by auditors.
Develop and deliver security guidance and training (security awareness) to technical staff members. Perform security program presentations, both internally and externally as needed; Serve as an expert security resource to the company at large and provide security consultative support as required.
Review to outline improvements for Litigation Hold and eDiscovery-related data audit and collection requirements stemming from Carollo Legal/Risk Management Services.
Update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations, and coordinating hardware and software evaluations with vendors.
Qualification
Required
Demonstrated experience in designing and implementing enterprise-class security solutions; Ability to translate the information security domain to IT and business domains, as well as communicate complex technologies in a clear and concise manner.
Design, architecture, and implementation of centralized security technology solutions at mid/large enterprises; operations experience in identity management, key management, or other security domains.
Leadership role in the development or delivery of information security services and in-depth knowledge of key information security domains, including authentication, authorization, access control and encryption.
Knowledge of industry standards and frameworks (e.g. ISO/IEC, NIST, and CMMC); Project Management skills and experience mapping and securing business processes / data flows.
Must be fully knowledgeable and able to design, plan, and support deployment efforts around IT security solutions using four or more of the following technologies - Network Security, End Point & Mobile Security, Virtualization Security, Identity & Access Management, Security Management and Operations, Encryption & VPN, Application Security (including web and database), Anti-Malware Solutions, Web & Email Gateways, and Single Sign On (SSO).
Experience in Information Security Incident Response, IaaS/SaaS environments, and broad understanding of all aspects of IT and enterprise systems interoperability.
Strong knowledge and real-world expertise in all Microsoft technologies and solutions including but not limited to Windows Server 200x/201x, Active Directory, Domain Controller, System Center (SCCM), File Servers, DFS, Azure, Office365, etc.
Strong knowledge in Windows-based authentication and authorization services, Group Policy (GPO) for enterprise, server, and workstation groups based on AD/OU sets.
Superior understanding of, and expertise in Windows-based AD environments, AD Domain Service, and ADFS including support for Single Sign On (SSO) requirements for 3rd party and internal applications.
Understanding of TCP/IP, SNMP, SMTP, SSL, SSH, DNS, DHCP, LDAP, Samba and Kerberos concepts, enterprise LAN, WAN including broad-based internet and MPLS & SD-WAN networks.
Knowledge of routing protocols and experience with vendor technologies from Fortinet and Cisco is a plus.
Experience with enterprise monitoring tools/applications.
Experience with web/content filtering products, and anti-spam/anti-virus solutions.
Experience in designing and implementing security controls using native Microsoft Windows tools and 3rd party solutions.
+ 10-12 years of direct, related experience in IT Security with 4-5 years of progressively increasing responsibilities (Security Architect to Security Lead roles).
One or more industry-recognized security certifications such as CISSP, SSCP, GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or CISM.
Relevant (significant) experience with cyber security programs, network and computing infrastructure, cloud architectures and implementations.
Expert understanding and ability to communicate specific business, technology, and enterprise cyber security requirements to appropriate groups; Excellent communicator at all levels of the organization.
Thought leadership capabilities in the evaluation of cyber security risks and mitigation solutions.
Demonstrated knowledge of network, application, platform, and database technologies and strong knowledge of infrastructure-related processes and controls.
Knowledge of related industry standards, frameworks, and best practices, such as NIST Cyber Security Framework, CMMC, and ISO27001 including associated regulatory requirements.
Demonstrated experience performing Risk assessments, Control assessments or Audits; working knowledge of Governance, Risk, and Compliance tools.
Company
Carollo Engineers
Carollo Engineers is a full-service environmental engineering firm that plans, designs, and constructs water and wastewater facilities.
H1B Sponsorship
Carollo Engineers has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2023 (24)
2022 (16)
2021 (18)
2020 (15)
Funding
Current Stage
Late Stage
Company data provided by crunchbase