Security Engineer I
Position: Security Engineer I
Number of positions: 1
Location: Marietta, GA
Duration: 8 Months Contract
Information Risk Management (IRM) uses the Application Certification and Authorization (ACA) as the primary information security risk and controls assessment for First Data applications. The ACA assesses the effectiveness of information security controls by evaluating an application’s architecture, if the applicable controls meet Global Cyber Security and Fraud (GCSF) standards, and the results of vulnerability assessments. The ACA identifies the vulnerabilities and gaps in the security controls which can expose sensitive data and IT infrastructure to unacceptable risk. These identified gaps are analyzed, documented, communicated, and monitored through IRM’s Risk Portfolio Management service.
This role will work closely with IRM’s Risk Assessment Methodologies and Tools Director and Cyber Risk Managers to ensure that the ACA process and tool is designed and configured to meet functional and technical requirements. This role will be responsible for creating and maintaining design and configuration documentation. This role will also be responsible for creating and maintaining data integrations between First Data cyber security applications and the ACA tool to source and auto-answer ACA questions. This role will establish and maintain automated dashboards and reports to track an application’s progress through the ACA process. This role will establish and maintain user account roles and groups. This role will be responsible for maintaining the Production and lower environments which may include migrating configuration changes to production, resolving performance or outage problems, supporting patching processes, etc.
- Configuration or Development experience in an eGRC platform (e.g. Rsam, Archer)
- Experience leading projects through SDLC phases (Agile, waterfall)
- Intermediate to advanced experience creating and maintaining data integrations and automated reports using tools / scripting languages such as SQL, Python, Splunk, SSIS, and SSRS
- Effective written, presentation, and meeting facilitation skills
- Intermediate to advanced experience with MS Office
Nice to Haves:
- Experience creating and maintaining role based access management
- Intermediate to advanced knowledge of risk management processes (cyber security risk management preferred)