Burns & McDonnell Jobs

Description

The Information Security program protects Burns & McDonnell data, systems, and employees from evolving cyber threats with focus on continually reducing cybersecurity risk for the company. Information Security needs an Information Security Specialist to provide support within the areas of security governance, access management, risk management, incident response, vulnerability management; and security technology implementation and operations. This position will be an in-office working environment in our Kansas City location.

• Support escalation and response of cyber-threats associated with Incident Response according to established processes and procedures on a periodic or as-needed basis.

• Conduct security assessments in accordance to defined processes and procedures to assess the risk of software, services, and technology used, or being procured, throughout the business.

• Implement and maintain Information Security policies, standards, and related governance documents.

• Provide oversight to remediate security findings identified through internal audits, external audits, vulnerability assessments or penetration testing as applicable.

• Implement and support assigned security technology and controls to reduce cybersecurity risk for the company.

• Complete routine processes and procedures as assigned to support ISO 27001 compliance certification.

• Identity and assess management in accordance to maturing processes and procedures applicable to the Information Security strategy.

• Implement security awareness training program related to phishing campaigns as needed.

• All other duties as assigned.

Qualifications

• Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Technology or related field. Applicable years of experience may be substituted for degree requirement.

• Minimum 4 yrs experience in information security.

• An Information Security certification covering multiple security domains (such as CISSP, GSEC, Security ) or specialized cybersecurity related certification is preferred

• Effective oral and written communication skills with ability to convey security concepts and risks to non-technical personnel.

Strongly preferred skills in:

• cybersecurity principles and concepts.

• cybersecurity threats and vulnerabilities.

• one or more Information Security technologies such as firewall, EDR, IPS, SIEM, SOAR, CASB, CAASM, IAM, PAM, NAC, MFA, and DLP.

• common network and security protocols such as DNS, SSL/TLS, TCP/UDP, IPSec, SNMP, and SAML.

• evaluate cybersecurity risk and propose risk mitigations.

• applying security regulations and policies.

Demonstrated knowledge of:

• methods for evaluating, implementing, and disseminating IT security tools and procedures.

• computer forensics principles.

• requirements analysis principles and methods.

• procedures for purchasing/using COTS products.

• performance management methods.

• analytical ability; and communications techniques.

• test and assessment methods.

• network operations and protocols.

• life cycle management principles.

EEO/Minorities/Females/Disabled/Veterans

Job Security

Primary Location US-MO-Kansas City

Schedule: Full-time

Travel: Yes, 5 % of the Time

Req ID: 231466

Job Hire Type Experienced #LI-SN #COR