Information Security Specialist
Cboe Global Markets
Job Description
We’re building meaningful ways to support professional and personal development while strengthening the trust we’ve earned as a global market leader.

Role Overview

The Information Security Specialist is responsible for supporting enterprise-wide cyber risk management and governance activities. This role requires a strong foundation in information technology and internal controls, along with proficiency in security frameworks and a solid understanding of cybersecurity risk management practices.

The individual will collaborate across global teams to assess risks, recommend and implement robust security controls, and contribute to the development and maintenance of information security policies and standards. The role also supports local and global regulatory compliance efforts, identifies control gaps, assists in risk remediation, and enhances security processes through standardization, consistency, and continuous improvement initiatives. This role follows a four-day in-office work model.

Your responsibilities will be:

- Maintain assurance and governance activities related to organization‑specific security compliance methodologies that demonstrate our security governance to management and other key stakeholders including regulators, auditors, and boards.
- Develop and maintain security policies, procedures, and guidelines according to industry best practices and regulatory requirements.
- Conduct regular security controls testing to evaluate the effectiveness of existing security systems and procedures and recommend improvements.
- Conduct comprehensive risk assessments to identify potential risks in the organization’s IT infrastructure and oversee the lifecycle of any security risks, ensuring that remediation is agreed, effective, and timely.
- Prepare regular reports on the organization’s cyber risk posture for presentation to senior management.
- Foster strong partnerships and collaborate regularly with other departments, communicating security issues, obtaining additional information as needed, and providing status of remediation to security management.
- Assist with regulatory exams by obtaining documentation, drafting responses, and helping develop security action plans.
- Stay current with the latest cybersecurity regulatory standards, trends, threats, and technologies, and provide recommendations for improvement.

The ideal candidate has:

- Bachelor’s degree in Cybersecurity, Computer Science, or related field.
- 2+ years of experience in information security risk management or similar role.
- Knowledge and expertise with a wide range of security/risk management governance, guidance, compliance concepts and documentation such as NIST 800-53, NIST Cybersecurity Framework (CSF), ISO or equivalent.
- Experience using and administrating GRC tooling.
- Proficient with Windows and Linux, including Active Directory and Entra ID.
- Strong analytical, good organizational, effective communication, and presentation skills.
- Flexibility in work given and ability to actively research how to perform new tasks.
- Proficient in using Microsoft Teams, Excel, PowerPoint, Word and AI tools (Copilot, ChatGPT and others).
- Experience with GenAI coding assistance and leveraging AI to improve processes.
- CISSP, CRISC, CISM or other related security certifications.

Equal Employment Opportunity

We’re proud to be an equal opportunity employer and do not discriminate against any employee or applicant for employment based on any legally protected characteristic, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or veteran status. We are committed to fostering a workplace where all individuals are valued and respected.