IT Security Analyst 3

Global Information Technology

Full-time

Dimondale, MI

Job description

Essential Duties and Responsibilities

  • Track enterprise compliance across several security frameworks including NIST, SCF, SOC 2, ISO, etc.
  • Develop and deliver operational and executive reports / metrics to track and report on security initiatives, processes, and risks.
  • Aid development of security processes and procedures and manage security controls.
  • Engage in the development of security and privacy awareness training.
  • Perform information security assessments, compliance gap analyses, and risk assessments
  • Develop written information technology and security policies and procedures
  • Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
  • Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations
  • Provide approved responses to client inquiries and maintain library of records, documentation, and responses
  • Ensure key security controls are identified, implemented, tested, and remediated as required
  • Manage / configure enterprise GRC tool.
  • May assist with Third Party Risk Management, assessment requests, vendor evaluations and remediation oversight
  • Highly prefer one or more of the following Certifications: CISSP, CRISC, CISA, CISM or other equivalents

Knowledge, Skills, and Abilities

  • Ability to write solution workflow diagrams, system documentation, playbooks, etc.
  • Strong analytical skills
  • Excellent written and verbal communications skills, including presentational skills
  • Ability to work with others in both individual and team settings.
  • Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
  • Prior experience auditing and performing quality control actions of audits.
  • Experience with GRC tools for information gathering and reporting
  • Expertise and understanding of five or more of the following areas:
      o Auditing and testing
      o Internal controls
      o Cyber risk program management and delivery
      o Security architecture
      o Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection)
      o Data protection
      o Application security/SDLC
      o Third party risk management
      o Cloud security
      o Security Training & Awareness


Salary Range: $125K - $145K (DOE)


Job Benefits

  • Competitive Insurance
  • Investment 401k with match
  • PTO (vacation and sick)
  • Employee Discounts
  • Opportunities nationwide
  • Serve the Deaf and hard of hearing community!

Company Summary

Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.

Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.

As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.

Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.


Equal Employment Opportunity:

CaptionCall and Sorenson Communications are an EOE, Disability/Age Employer.


Experience

Preferred
  • 3 - 5 years: Experience in Information Security audit work with combinations in operational technology security, risk management, IT, Compliance and Audit.

Education

Preferred
  • Bachelors or better
  • Bachelors or better in Information Systems or related field

Skills

Preferred
  • Builds Relationships

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)