Sr. GRC Specialist
Position Summary
As a GRC Specialist focused on Product and Application Security, you will be responsible for
ensuring that Neptune Technology Group's products and applications adhere to the highest
security standards. You will engage with stakeholders throughout the organization and the
product lifecycle to ensure that security practices are followed and risk mitigations are
implemented where required.
Key Responsibilities:
* Application Security: Develop and maintain application security policies and
procedures. Ensure secure coding practices are followed and conduct regular security
assessments of applications to identify and mitigate vulnerabilities.
* Product Security: Integrate security requirements into the product design phase and
maintain a Software Bill of Materials (SBOM) for each product. Conduct security reviews
and audits to ensure compliance with industry standards.
* Security Standards: Develop, implement, and maintain security standards and best
practices for product and application security.
* Security Reviews: Conduct security reviews and assessments of products and
applications to identify potential vulnerabilities and ensure compliance with security
standards.
* Security Tools & Processes: Implement and manage security tools and processes,
including Static Application Security Testing (SAST), Dynamic Application Security
Testing (DAST), and penetration testing.
* Threat Modeling: Perform threat modeling to identify and mitigate potential security
risks in products and applications.
* Incident Response: Lead incident response efforts for product and application security
incidents, including investigation, remediation, and reporting.
* Training & Awareness: Develop and deliver training and awareness programs to
educate stakeholders on product and application security best practices.
* Risk Assessments: Conduct risk assessments and develop mitigation strategies for
identified security risks.
* Collaboration: Collaborate with cross-functional teams, including development,
operations, and legal, to ensure security requirements are integrated into the product
development lifecycle.
* Documentation: Maintain comprehensive documentation of security assessments,
reviews, and incident response activities.
Qualifications:
* Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
* Minimum of 5+ years of relevant experience in governance, risk, and compliance roles.
* Strong understanding of regulatory requirements and industry standards.
Preferred Qualifications:
* Certifications such as ISO 27001, CISA, CISM, or CISSP.
* Experience with third-party risk management and vendor assessments.
* Knowledge of security frameworks such as ISO 27001, NIST, SOX or SOC 2.
Skills:
* Analytical & Problem-...
- Rate: Not Specified
- Location: Duluth, US-GA
- Type: Permanent
- Industry: Other
- Recruiter: Neptune
- Contact: Not Specified
- Reference: SRGRC017800
- Posted: 2024-12-05 07:42:35