Who is BGRS?

At BGRS, we create customized mobility solutions that transform mobility into a driver of recruitment, development and retention. We are proud to be the partner of choice for many of the world’s most recognizable brands, including 35% of the Fortune 100 as well as the governments of the United States and Canada. Our diverse client portfolio represents a variety of industry segments.

BGRS is all about mobility. Come join one of the leading companies in global talent mobility, partnering with some of the largest organizations in the world to keep their employees on the move. We are committed to keeping our own talent on a career growth trajectory by fostering an engaging environment with development opportunities that create success for our clients and you. We support our employees by offering a flexible, innovative environment that allows them to focus on their clients and careers. We look forward to you joining our team and experiencing the power of what talent mobility can achieve.

What You'll Be Doing

The Security Engineer will be responsible for the implementation, maintenance and monitoring of business-critical IT security systems and processes in multiple, global locations. The Engineer will also be responsible for consulting with other global teams on security-related issues, working individually and cooperatively to resolve security risks and incidents, as well as participating in client & internal audit/RFP activities.

The successful candidate will have direct involvement in, and be accountable for, the creation and continued improvement of their area of control.

Primary Responsibilities:

1. Leading core security process and ensuring processes are continuously improving as the Security Program matures.

• Security Vulnerability Management
• Security Event Management
• Data Loss Prevention Controls
• Security Standards & Principles
• Security Incident Handling Processes
• Security Patching Processes
• Maturity Models and Metrics for continuous process improvements

2. Design, maintain and implement a vulnerability management program (i.e., maintaining processes for vulnerability scanning & remediation).

• Conduct or coordinated security assessments, penetration test and vulnerability scans.
• Analyze the results of assessments, tests, scans and determine course of action
• Work with cross functional teams to develop and implement remediation plans to resolve security issues discovered.
• Track remediation items through implementation and retest to ensure vulnerabilities that have been remediated have been resolved.

3. Work with our third provider to maintain our Security Event Management solution.

• Ensure all the appropriate log sources are being managed.
• Ensure procedures are developed and maintained to respond to alerts
• Integrate alert response plans to follow our incident processes when required.

4. Lead the security incident response technical team activities including internal investigations.

• Analyze security issues to determine which members of the team need to be engaged.
• Lead the investigation to determine root cause and determine the appropriate course of action.
• Implement resolution and recovery plan.
• Complete Incident Report and conduct a post- mortem analysis to recommend changes to ensure the issue does not re-occur.
• Conduct a lessons learned sessions with all other appropriate teams involved.

5. Develop, maintain and implement an IT Control Framework.

• Create a control framework that will add structure to ensure controls required for audits are being completed when required.
• Define common controls that will be repeatedly tested (i.e., ISO, SSAE16, and Financial audits, Client audits)
• Establish, maintain and implement a process to ensure control testing is completed when required and evidence is stored in a centralized system.
• Review evidence to ensure the data provided is appropriate will pass an audit rigor.
• Work with appropriate IT teams to develop and implement remediation plans for controls that are not functioning properly.
• Document and track the progress of the remediation plans through completion and retest to the control is functioning properly.

6. Lead IT related audit initiatives

• Lead IT related audits for ISO, SSAE16, US and Canada Financials, and Client driven audits.
• Coordinate audit activities and meetings with appropriate personnel.
• Gather evidence requested by each auditor and store in a centralized system.
• Build evidence repository that can be leveraged for future audits or client inquiries.
• Analyze the evidence for appropriateness.
• Analyze audit reports to evaluate to determine the appropriate course of action.
• Work with appropriate IT teams to develop and implement remediation plans when gaps exist.
• Document and track the progress of the remediation plans through completion and retest to the control is functioning properly.

7. Provide management oversight for security projects, remediation efforts and metric dashboards

• Assists with team projects, reporting, metrics and analysis as required
• Design, improve and implement processes to ensure security issues discovered are remediated in a timely manner. Consolidate and prioritize all IT remediation activities into one dashboard for management review
• Design, improve and implement security metric dashboards for various audiences (i.e., Internal Management and Clients).

8. Established and maintains security metric dashboards; anomaly report and security incident reviews; initiates remediation activities when required and tracks progress through completion.

9. Coordinates security standards development and defines enforcement practices.

• Evaluate current standards and update when required
• Develop process to ensure standards are being followed

10. Lead or assist with design, procurement and maintenance of security systems and tools.

• Evaluate current tool suite
• Create roadmap for future tools

11. Acts as a subject matter expert of security related issues, including participation in audits and client RFP responses.

12. Provide mentorship for other individuals across the enterprise in security related areas.

What You Bring to BGRS

• BA/BS Degree Computer Sciences, Computer Information Systems or related technical degree or 5 years’ experience in a Medium/Large enterprise IT Security Required.
• 3 years’ leadership experience in managing large scale audits.
• 3 years’ experience in implementing and/or maintaining industry-standard security program such as NIST 800-53, ISO 27001/27002, PCI or similar require
• Experience managing one or more of the following: RSA SecurID, Log Rhythm, Qualys, Veracode, Sailpoint, Proofpoint, HP Web Inspect, Nessus, Kaspersky Endpoint or other security systems – required
• Experience using Group Policies and System Center Configuration Manager to audit and control Microsoft Windows workstations and servers required.
• Experience administering Cisco networks & servers, NetApp storage, Palo Alto firewalls, Microsoft Operating System, Management and database technologies an asset.
• Must have vulnerability testing experience – evaluating, testing, and reporting
• CISSP or equivalent qualification strongly preferred.
• In depth knowledge of NIST 800-53 revision 3 and awareness of upcoming revision 4 strongly
• Strong understanding of network and web application protocols such as TCP/IP, IPSEC, SSL etc.
• Strong analytical and troubleshooting skills.
• Excellent planning and organizational skills.
• Strong communication skills, both written and verbal.
• Self-motivated with the ability to work independently, with minimal supervision in a fast-paced, rapidly changing environment.
• Availability for flexible/extended hours and weekend work as well as occasional business travel.

Other Information:

• Reliability status security clearance granted by CISD, PSPC; the security clearance application will be facilitated via the BGRS Company Security Officer (CSO).

What BGRS Offers

• Competitive salary and incentive plans
• Comprehensive benefits packages and wellness program
• Generous company-paid vacation days and holiday time
• Challenging, collaborative, diverse corporate culture
• Ongoing opportunities for learning and career development