Information Security Principal

GENERAL SUMMARY: The Information Security role is responsible for monitoring and managing the security posture of the Center for Research in Security Prices (CRSP), LLC. This security professional is tasked with identifying, responding to, and mitigating security threats; as well as participating as a member of a team in CRSP Project efforts.
ESSENTIAL DUTIES AND RESPONSIBILITIES

• Monitor and manage the organization's security posture:
• Establishing security measures to detect, prevent, and mitigate cyber-attacks.
• Assist with monitor and analysis of logs, network traffic, and other data sources to identify potential threats and vulnerabilities.
• Review patching updates by working with the appropriate teams.
• Oversee cybersecurity incident response activities as needed.
• Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned.

• Recovery and Remediation
• Plan, review and confirm annual Disaster Recovery tests.
• Review and document Rapid Recovery requirements.
• Craft disaster recovery plans for compromised data.

• Serve as the primary point of contact for auditors, clients, and internal teams regarding information security issues.
• Ensure adherence to security best practices, frameworks, and standards.
• Function as a trusted advisor to senior leadership on emerging threats, compliance requirements, and operational risks.
• Lead the support of third-party penetration testing, scheduling, and remediation efforts.
• Stay current with emerging cybersecurity threats, vulnerabilities, and best practices.

• Establish and verify security incident responses and playbooks.
• Ensure accurate and detailed documentation of incident response activities, including analysis, actions taken, and lessons learned.

• Assist with technical expertise for confirming required compliances.
• Deliver regular information security reports and assessments to management, oversight committees, and other stakeholders as needed.
• Meet with technology owners regularly to ensure full visibility and understanding of open security vulnerabilities and the risks inherent with those vulnerabilities.
• Research, design, and conduct ongoing training for staff on information security related areas.
• Other duties as assigned.

REQUIRED QUALIFICATIONS:

• Minimum Required Education/Experience:
• Bachelor's degree and a minimum of five years' experience OR Associate degree with at least six years of relevant experience OR Experience with Linux, Windows and Windows server administration.
• Experience in root cause analysis.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent verbal and written English communication and interpersonal skills, including active listening skills.
• Demonstrated ability to communicate and document technical concepts.
• Demonstrated critical thinking and problem-solving skills required, including the ability to analyze and evaluate information objectively.
• Demonstrated ability to be reliable, accountable, and exhibit organization and time management skills, with the ability to coordinate multiple activities simultaneously.
• This position may require work outside of normal work hours for maintenance and upgrades.
• A strong attention to detail is required to be successful in this role.

PREFERRED QUALIFICATIONS:

• CISA, CISM, GSEC, or other security certifications.
• Working knowledge of Microsoft SQL Server.
• Working knowledge of appliance and software-based firewalls.
• Working knowledge of enterprise server and / storage systems.
• Working knowledge of PowerShell and BASH scripting.

TRAVEL REQUIRED:

• Minimal travel required; however, candidates should be open to occasional travel as needed to support business objectives.

WORK ENVIRONMENT:

• The noise level in the work environment is usually moderate. 

PHYSICAL DEMANDS:
While performing the duties of this job, the employee is regularly required to communicate with others. The employee is frequently required to stand, walk, sit, demonstrate hand and finger dexterity in the course of their work, handle or feel, and reach with hands and arms. The employee is occasionally required to climb, balance, stoop, kneel, crouch or crawl.   
The expected physical workload is classified as: 
Light Work : Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for Sedentary Work and the worker sits most of the time, the job is rated for Light Work. walking and standing are required only occasionally, and all other sedentary criteria are met.  
LOCATION: 105 West Adams Street, Suite 1700, Chicago, IL
HOURS: Full Time 8:30 a.m. - 5:00 p.m. normal working hours, Monday through Friday. Some flexibility may be required. Some overnight and weekend and overtime may be required.
Salary Range = $166,335.00-$216,236 USD Annually + Benefits
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as work experience, market conditions, education/training and skill level.
Center for Research in Security Prices, LLC is an Equal Opportunity / Affirmative Action Employer