This is a hybrid role with 2 days in office a week in our headquarters located
in Granville, OH.
Security Governance Engineer - Hybrid (Granville, OH)
Security Governance Engineer Job Responsibilities:
Coordinates and performs security assessment functions and control testing
reporting and activities in accordance with internal controls compliance,
regulatory and departmental policy and procedures. The Security Governance
Engineer updates and maintains control matrices and provides recommendations
for management's consideration. This position ensures compliance with internal
controls, regulatory and information security policies and procedures. The
incumbent works with internal audit, external audit firms, and others to
provide supportive documentation as applicable. The Security Governance
Engineer takes a lead role in ensuring the security of all protected
information collected, used, maintained, or released by RevLocal.
Security Governance Engineer Job Duties:
Protects systems by defining access privileges, control structures, and
Recognizes problems by identifying abnormalities, reporting violations.
Implements security improvements by assessing current situation;
evaluating trends; anticipating requirements.
Determines security violations and inefficiencies by conducting periodic
Upgrades systems by implementing and maintaining security controls.
Keeps users informed by preparing performance reports, communicating
Maintains quality service by following organization standards.
Maintains technical knowledge by attending educational workshops,
Contributes to team effort by accomplishing related results as needed.
Implements security controls, risk assessment framework, and programs that
align to regulatory requirements and best practices, ensuring documented
and sustainable compliance that aligns and advances business objectives.
Evaluates risks and develops security standards, procedures, and controls
to manage risks. Improves company's security positioning through process
improvement, policy, automation, and the continuous evolution of
Implements processes, such as GRC (governance, risk and compliance), to
automate and continuously monitor information security controls,
exceptions, risks, and testing. Develops reporting metrics, dashboards,
and evidence artifacts.
Defines and documents business process responsibilities and ownership of
the controls. Schedules regular assessments and testing of effectiveness
and efficiency of controls and creates reports.
Updates security controls and provides support to all stakeholders on
security controls covering internal assessments, regulations, protecting
Personally Identifying Information (PII) data, and Payment Card Industry
Data Security Standards (PCI DSS).
Performs and investigates internal and external information security risk
and exceptions assessments. Assess incidents, vulnerability management,
scans, patching status, secure baselines, penetration test result,
phishing, and social engineering tests and attacks.
Documents and reports control failures and gaps to stakeholders. Provides
remediation guidance and prepares management reports to track remediation
Assists other staff in the management and oversight of security program
Trains, guides, and acts as a resource on security assessment functions to
Remains current on best practices and technological advancements and acts
as a technical resource for security assessments and regulatory
Will participate in on-call rotation for security-related incidents.
May require various shifts and/or weekends to provide incident response
operations, business continuity plans, or disaster recovery operations.
Performs other related duties as assigned.
Knowledge, Skills, and Abilities
Applicable information security management, governance, and compliance
principles, practices, laws, rules and regulations.
Information technology systems and processes, network infrastructure, data
architecture, data processes, and protocols.
Firewalls, network routing, server system administration.
Active Directory, access control, identity management, and related
Cyber and cloud security standard frameworks, architecture, design,
operations, controls, technology, solutions, and service orchestration.
Information systems auditing, monitoring, controlling, and assessment
Incident response management.
Risk assessment and management methodology.
Developing and implementing enterprise governance, risk, and compliance
strategy and solutions.
Researching and locating information related to internal and external
organizations using online and other sources.
Security project management and planning.
Troubleshooting and operating a computer and various software packages.
Defining problems, collecting and analyzing data, establishing facts and
drawing valid conclusions.
Using judgment and ingenuity in maintaining objectives and technical
Effectively communicate technical issues to diverse audiences, both in
writing and verbally.
Apply a risk-based approach to planning, executing, and reporting on audit
engagements and auditing process.
Evaluate and update and/or revise program materials.
Learn quickly and apply knowledge to new situations.
Handle sensitive and confidential matters, situations, and data.
Understand and follow broad and complex instructions.
Interact positively with peers, executives, and external resources in
order to enhance effectiveness and to promote quality service.
Comprehend technical language and to confer, analyze and write in an
objective, lucid manner.
Work independently and prioritize multiple tasks and adapt to needed
Remain calm under high pressure/difficult situations.