Published: January 25, 2023
SC Cybersecurity Risk Management and Compliance Engineer
This role has been designated as 'Edge', which means you will primarily work outside of an HPE office.
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.
Global Operations prioritizes putting customers and partners first by developing the workforce of the future. This involves a strategic, inclusive, and collaborative working culture. At our core, we strive to uphold HPE's values - to partner, innovate and act - and we are an organization that plans, sources, and provides quality customer and partner experiences.
Job Family Definition:
Identifies, tracks, monitors, and manages cybersecurity risks within our supply chain. Evaluates and guides vendors and supply chain teams in the development and implementation of controls to address system vulnerabilities. Researches threat intelligence, vulnerabilities, campaigns and indicators of compromise.
In a typical day as a SC Cybersecurity Risk Management and Compliance Engineer, you would:
* Manages and proactively monitors supply chain cybersecurity system issues and threats, runs complex analyses on security incidents and threats, and uses in-depth research to inform the company's resolution process.
* Develops cybersecurity audit scopes and content with accuracy and timeliness.
* Coordinates and performs cybersecurity audit activities, assesses controls in place, and documents and communicates findings.
* Evaluate risks and controls in place to determine priorities and provide recommendations on mitigation strategies.
* Ensure compliance with company cybersecurity standards, policies and government regulations.
* Create detailed cybersecurity reports with findings and gaps. Monitor actions to address findings until closure.
* Owns resolution of client and company security issues related to supply chain security incidents and threats and guides others in the resolution process when necessary.
* Combines industry expertise with a thorough understanding of information and security technology to direct vendor design of software patches.
* Recommends and coordinates the development, enhancement, organization, and maintenance of a client's or company's security solutions, including research and security system analysis.
* Evaluates internal systems; defines or updates supply chain cybersecurity standards, policies and processes.
* Develops and tracks audit-related plans and milestones and associated performance metrics.
Education and Experience Required:
* Bachelor's degree (or equivalent work experience) required, preferably in computer science, engineering or related area of study.
* Typically 6+ years of relevant experience.
* Certifications: CISA, CISSP or other cybersecurity and risk related certification preferred.
If you are…
* Ease in communicating at all levels, including management-level presentations and summaries.
* In-depth Cyber and IT security knowledge.
* Strong understanding of Cyber and IT security risks, threats and prevention measures.
* Solid security system analysis, risk assessment and management skills.
* In-depth understanding of cybersecurity standards and best practices.
* Knowledge of networking and network security.
* Understanding of network monitoring and protocols.
* Knowledge of relevant .Net development, programming and scripting languages.
* Understanding of SQL and relevant scripting languages.
* Excellent communication skills in both English and Spanish.
* Writing technical reports that analyze and interpret results.
* Understanding of modern software development methodologies.
* Understanding of relevant industry security standards and protocols including DFARS, NIST, ISO.
* Travel required.
Join us and make your mark!
* A competitive salary and extensive social benefits
* Diverse and dynamic work environment
* Work-life balance and support for career development
* An amazing life inside the element! Want to know more about it?
Then let's stay connected!
HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together.
Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities.
HPE will comply with all applicable laws related to the use of arrest and conviction records, including the San Francisco Fair Chance Ordinance and similar laws and will consider for employment qualified applicants with criminal histories.