Information Security Specialist (CISSP)
- Recruiter
- Major League Soccer
- Location
- New York
- Salary
- Competitive
- Posted
- 14 Aug 2022
- Closes
- 11 Sep 2022
- Job Type
- Information Security
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
Overview
MLS is looking for a passionate, organized, and detail–oriented information security specialist to join the Information Security Office. The security specialist will possess CISSP certification to identify and communicate potential and emerging information security threats, vulnerabilities, and appropriate technical controls in the Sports and Hospitality industry, specifically in stadium venues.
Problem–solving and the ability to evolve processes to meet business transformation and security requirements are essential elements of this position. The security specialist will drive threat and vulnerability management and support the development of an enterprise–wide security program. The individual in this role will proactively identify and mitigate risk through awareness training, conducting internal and third parties' assessments.
Responsibilities
Develop and manage the enterprise vulnerability management lifecycle from discovery to remediation throughout the technology and service portfolio
Conduct regular assessment of Web and Internal applications, Cloud Infrastructure, APIs, Networks, IoT devices, and mobile applications
Work closely with Information Security Engineer and vSOC team to test the efficacy of existing security controls and help create new detection
Support the implementation of a comprehensive security program that covers the League office and MLS Clubs
Continuously evaluate and evolve existing methodologies to solve complex security challenges through vendor engagement and technical services
Develop threat models against internal and external systems and design best practices for how they should operate securely
Assist with the development of the security education and awareness training program that stays relevant to business activities and current threats
Maintain Runbooks to continually improve security testing methodologies and threat modeling and lead readiness initiatives for compliance with domestic and global obligations
Well informed of new technologies and advancements in security services and provide regular briefings to Technology management
Work in dynamic, fast–paced environments that require regular team interaction and coordination of efforts
Qualifications
Bachelor's degree
4+ years of experience in information security
CISSP certification
Working knowledge of common information security standards, such as CIS and OWASP
Ability to lead security projects and collaborate with partners and business units across divisions
Demonstrated commitment to training, self–study, and maintaining proficiency in the information security domain
Motivated self–starter with excellent interpersonal, communication, and presentation skill and the ability to create technical reports
Working experience with Pen testing and reporting
Web and Cloud applications vulnerability scanners expertise
Knowledge of vulnerability management best practices
Ability to analyze system and network event logs for incident handling
Knowledge of compliance, audit process, third–party risk assessments, and data privacy
Desired Skills
Knowledge of the sport of soccer
Experience developing and delivering security awareness training and assessments
Options
MLS is looking for a passionate, organized, and detail–oriented information security specialist to join the Information Security Office. The security specialist will possess CISSP certification to identify and communicate potential and emerging information security threats, vulnerabilities, and appropriate technical controls in the Sports and Hospitality industry, specifically in stadium venues.
Problem–solving and the ability to evolve processes to meet business transformation and security requirements are essential elements of this position. The security specialist will drive threat and vulnerability management and support the development of an enterprise–wide security program. The individual in this role will proactively identify and mitigate risk through awareness training, conducting internal and third parties' assessments.
Responsibilities
Develop and manage the enterprise vulnerability management lifecycle from discovery to remediation throughout the technology and service portfolio
Conduct regular assessment of Web and Internal applications, Cloud Infrastructure, APIs, Networks, IoT devices, and mobile applications
Work closely with Information Security Engineer and vSOC team to test the efficacy of existing security controls and help create new detection
Support the implementation of a comprehensive security program that covers the League office and MLS Clubs
Continuously evaluate and evolve existing methodologies to solve complex security challenges through vendor engagement and technical services
Develop threat models against internal and external systems and design best practices for how they should operate securely
Assist with the development of the security education and awareness training program that stays relevant to business activities and current threats
Maintain Runbooks to continually improve security testing methodologies and threat modeling and lead readiness initiatives for compliance with domestic and global obligations
Well informed of new technologies and advancements in security services and provide regular briefings to Technology management
Work in dynamic, fast–paced environments that require regular team interaction and coordination of efforts
Qualifications
Bachelor's degree
4+ years of experience in information security
CISSP certification
Working knowledge of common information security standards, such as CIS and OWASP
Ability to lead security projects and collaborate with partners and business units across divisions
Demonstrated commitment to training, self–study, and maintaining proficiency in the information security domain
Motivated self–starter with excellent interpersonal, communication, and presentation skill and the ability to create technical reports
Working experience with Pen testing and reporting
Web and Cloud applications vulnerability scanners expertise
Knowledge of vulnerability management best practices
Ability to analyze system and network event logs for incident handling
Knowledge of compliance, audit process, third–party risk assessments, and data privacy
Desired Skills
Knowledge of the sport of soccer
Experience developing and delivering security awareness training and assessments
Options