Sr. GRC Audit Specialist

Neptune Technology Group Inc.

is a technology company serving water utilities across North America.  Since 1892, we have continually focused on the evolving needs of water utilities – revenue optimization, operational efficiencies, and improved customer service.  With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers – so they can remain focused on the business of water.

For additional information, please visit the company website at www.neptunetg.com.

Sr.

GRC Specialist - Application and Product Security

 

Position Summary

As a Sr.

GRC Specialist focused on Product and Application Security, you will be responsible for ensuring that Neptune Technology Group's products and applications adhere to the highest security standards.

You will engage with stakeholders throughout the organization and the product lifecycle to ensure that security practices are followed, and risk mitigations are implemented where required.

 

Key Responsibilities

 


* Application and Product Security: Integrate security requirements into the product design phase for software, and IoT/IIOT products.  Ensure secure coding practices are followed and conduct regular security assessments of applications to identify and mitigate vulnerabilities.  Conduct security reviews and audits to ensure compliance with industry standards.


* Security Standards: Develop and maintain application and product security policies and procedures.

Develop, implement, and maintain security standards and best practices for product and application security.


* Security Reviews: Conduct security reviews and assessments of products and applications to identify potential vulnerabilities and ensure compliance with security standards.


* Security Tools & Processes: Implement and manage security tools and processes, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and penetration testing.


* Threat Modeling: Perform threat modeling to identify and mitigate potential security risks in products and applications.


* Incident Response: Lead incident response efforts for product and application security incidents, including investigation, remediation, and reporting.


* Training & Awareness: Develop and deliver training and awareness programs to educate stakeholders on product and application security best practices.


* Risk Assessments: Conduct risk assessments and develop mitigation strategies for identified security risks.


* Collaboration: Collaborate with cross-functional teams, including development, operations, and legal, to ensure security requirements are integrated into the product development lifecycle.


* Documentation: Maintain comprehensive documentation of security assessments, reviews, and incident response activities.

 

 

Qualifications:


* Bachelor’s degree in information systems, Cybersecurity, or a related field...