Associate Lead - Information Security

Roles and Responsibilities

• Engage in and host client meetings to review deliverables, discuss requests, and provide high-level security expertise and support on existing controls and frameworks.
• Assist with client management aspects, including questionnaires, timely response to client queries, and concerns.
• Handle technical client escalation issues before reaching the Director CA, documenting and mitigating future escalations.
• Provide technical support during the entire audit process, including following up on audit findings for remediation.
• Proactively collect, document, and store evidence needed for client audits.
• Engage SMEs from different business units through quarterly meetings.
• Communicate client security control requirements to the SM team through regular training sessions.
• Proactively engage SMEs to update the evidence library with new information.
• Review FAQs for all business units annually and update with the latest information.
• Develop and maintain customer-facing Security overview presentations.
• Manage new vulnerabilities from external sources, internal penetration tests, or client notifications.
• Identify the impact of vulnerabilities and generate initial communications for clients.
• Attend real-time vulnerability calls for urgent issues and follow up on remediation progress.
• Update and respond to technical issues raised by the RFP team.
• Organize SharePoint folders for easy access to information and evidence.
• Manage Jira updates and maintain accuracy in the CA confluence space.
• Review and update the Client Assurance Standard Operating Procedure after consulting with the team.
• Coordinate SME support for client audits in collaboration with the CA Service Management team.
• Train teams on security controls and processes monthly, storing sessions in an easily accessible location.
• Educate the Service Management team on updates and new developments in the security space.
• Coordinate training opportunities from SMEs for the team to learn different security controls.
• Orchestrate the annual review with Compliance of company-wide Security information presentations.
• Support client-facing teams in sales meetings and client communications requiring security specialist support.
• Operate with urgency for fast turnaround in competitive situations.
• Engage in SOC operations threat tracking.
• Participate in incident management, change control meetings, and cloud migration initiatives.

Requirements

• Ability to prioritize tasks, make quick decisions, and a strong understanding of security controls and governance.
• Bachelor's degree in computer science, Engineering, Information Systems, Business, or other Information security disciplines OR 5+ years of relevant professional experience in Information Security or IT Risk Management.
• Desired: relevant Information Security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) and GRC tools.
• Understanding of legal and regulatory compliance standards and requirements against data and IT, including, CIS, FERPA, Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST, and COBIT.
• Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; Excellent interpersonal, verbal, and written communication, including good presentation skills.
• Can multi-task, communicate clearly, learn new technologies and processes, and provide support to process/solution owners.
• Can drive projects focused on continuous improvement and efficiencies in the organization. Is someone who takes initiative and doesn't require continuous monitoring.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• Ability to understand technology, management, and leadership issues related to organization processes and problem-solving.
• Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
• Knowledge of Information Security program management and project management principles and techniques.
• Knowledge of products that protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring, and logging mechanisms, etc.