Security Risk Operations Specialist
Location: Dallas, Texas; Denver, Colorado; Houston, Texas; Phoenix, Arizona; Seattle, Washington
Job Type: Full time
Avanade is looking for passionate technologists who want to contribute to keeping our internal security technology on the bleeding edge. Constant opportunities for growth and learning have helped make Avanade one of the best places to work in IT and provide an excellent environment to build skills and experience that help launch exciting IT careers.
The Information Technology Vendor Management and Information Security Assessment teams (“Teams”) are looking for an adaptable team member to deliver high-visibility work under the scope of our portfolio.
We are seeking an experienced, detail-orientated, and motivated Information Security Risk professional to assess information security risks and activities of internal Avanade and third-party solutions to protect the confidentiality, integrity, availability, and accountability of Avanade’s assets. This individual will leverage SharePoint, Power BI Reporting, OneTrust, RiskRecon and other technologies for general program administration.
This role would be a great fit for someone who is versed in systems security auditing and risk assessment.
The position will involve the following: managing security risk assessments, aiding in the maturation of our security assessment programs, validating security compliance, researching vulnerabilities and security risk, and other project-related activities under the umbrella of the Risk & Audit service portfolio within Avanade Governance, Risk & Audit, and Compliance (GRC). This position may also involve assisting in other information security documentation and regulatory compliance project efforts.
This position will also support the Program Leads in overseeing as well as executing security assessment responsibilities. Assist in maintaining the lifecycle of the security and health status of Avanade’s third-party solutions by supporting the following tasks:
- Demonstrate an advanced understanding of business and information technology internal control risk management, IT security controls and related standards.
- Prioritize and triage security assessments incorporating Delivery and Internal timelines.
- Use the organization’s risk management framework to effectively negotiate risk levels for issues related to control weaknesses and other vulnerabilities.
- Evaluate complex technology risks, the controls that mitigate them, and related opportunities for control improvement.
- Support efforts and gather requirements for continuous service and/or process improvement projects within the Team’s scope.
- Facilitate the use of technology-based security testing tools or methodologies, synthesize results, and make recommendations for technical remediation.
- Evaluate and coordinate Security and Vendor Risk Assessments for new and existing entities.
- Coordinate security assessment activities with Avanade stakeholders and external suppliers.
- Monitor and manage projects and data in SharePoint, OneTrust or other tools.
- Provide audit support for internal and external audits.
- Support Teams’ Risk Assessments over solutions and initiatives that impact the organization.
- Direct communications with onshore and offshore teams to help unblock requests.
- Participate as UAT OneTrust Tester for various assessment templates.
- Understand the fundamentals of security and risk management to facilitate the execution and growth of the Teams’ goals and programs. This position will also support the Program Leads as a delegate of authority as needed.
- Familiar with security industry standards (ISO 27001/2, ISO 27017/18, NIST 800 series, etc.), regulations (e.g., HIPAA, GDPR, and SOX), and standards-body based requirements (e.g., COBIT) for protecting information.
- Effective people collaboration skills with an ability to leverage others (people, group, services) both onshore and offshore to achieve maximum results. Use collaboration tools effectively to support the process.
- Strong Knowledge/experience of Cloud Technologies including, but not limited to: IaaS, SaaS, PaaS, Public, Private, Hybrid with an emphasis on Microsoft Technologies, familiarity with AWS and Google platforms.
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Ability to present to all levels of the organization (up and down) in a concise and organized manner.
- Highly motivated and organized with excellent time management and problem-solving skills.
- Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing.
- Proven Project Management skills.
- Demonstrated efficient, succinct, and risk-based document writing capabilities, including technical and business reports.
- Review and provide timely feedback on Teams’ draft reports or other documents.
- High proficiency with Microsoft Office (O365) products (e.g., Word, Excel, Power BI, PowerPoint, SharePoint, Power Platform, etc.).
- Suggest security improvements by assessing the current situation, evaluating trends, and anticipating requirements.
Education and Experience:
- Bachelor’s degree in Information Technology or Business Administration or a related discipline, or equivalent work experience (e.g., Military, Government service, etc.).
- A minimum of four years of experience in Information Security with CISA, CISM, CRISC and/or CISSP accreditations or willing to become accredited within 7 months.
Compensation for roles at Avanade varies depending on a wide array of factors including but not limited to the specific office location, role, skill set and level of experience. As required by local law, Avanade provides a reasonable range of compensation for roles that may be hired in Colorado and Washington as set forth below and information on benefits offered is here.
Role Location: Range of Starting Pay for role
Colorado: $95,000 - $160,000
Washington: $110,000 - $185,000
You’ve got this!