Technical Security Policy Engineer

Job ID:
Chicago, IL
Information Technology, Telecommunications, Array
$110,000.00 per year
Zip Code:
Employment Type:
Full time

Job Description:

Technical Security Policy Engineer


  • Serve as a subject matter expert for Information Security, consulting to technical management (serving on project teams, discussing application and systems architectures, etc), non-technical management (educating the user community on information security) and attorneys (eg litigation-related technical education) as necessary.
  • Security Awareness: assist in coordination of the program, including development of awareness content, scheduling of awareness activities and measuring progress of the program.
  • Vulnerability Management: collect information on emerging threats including software vulnerabilities. Coordinate triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
  • Participate in long-term strategy and planning for Information Security
  • Manage and support GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
  • Manage and support the 3rd Party Security Vendor Risk Management program and life cycle.
  • Document and perform Risk Assessments for third-parties (eg, vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
  • Create and maintain security policies, standards, processes and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.


  • Preferred candidate will have one or more of the following certifications:
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications
  • Solid experience with Anti-Malware and AEP technologies, Encryption, Incident and Event Management, Web Filtering, IDS/IPS, Firewalls, Vulnerability Management, Privileged Access Management.
  • GRC tool management: Administration, Engineering or both
  • Ability to perform as primary Security SME.
  • Ability to facilitate project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions
  • Knowledge of Privileged Access Management technologies
  • Windows Authentication and Active Directory integration
  • Ability to complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
  • Ability to communicate an effective security awareness message throughout the organization.
  • Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.
  • Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users
  • Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG
  • Experience (Administration or Engineering) in GRC platforms
  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
  • Strong knowledge of risk management principles and practices.
  • Strong knowledge of security administration and role-based security controls.
  • Strong knowledge and use of GRC platforms.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server Firewalling technologies, including configuration and administration.
  • Knowledge of Intrusion Detection and Prevention solutions, including configuration and administration.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
Company Info
Request Technology - Kyle Honn