A Technical Security Officer is an internal resource focused on providing security advice, guidance, and direction to both Voya IT and business users under the authority of Technology Risk and Security Management (TRSM). This is a high level technical resource for dealing with the most important, complex, or risky situations related to the implementation, communication, monitoring, and maintenance of policies and procedures to protect technology information, environments and systems.
- Provides state-of-the-art technical expertise and support to client and IT management and staff in the area of security controls and risk assessments.
- Provides expertise on Voya's security architecture, standards, policies, and procedures (across all platforms and infrastructures).
- Acting as security consultant or liaison between Security, IT, and business as both subject matter experts for advisory support and security points of contact. Examples include:
- Providing guidance on information security policy requirements
- Providing security and compliance evaluations for specific topics or questions
- Providing support during any security incident
- Interpretation of security risk related to findings or issues for IT areas
- Provide security awareness and training with appropriate information to IT and business professionals within Voya
- Executing processes designed to identify and mitigate risk in the Voya environment. Examples of these processes include:
- Risk Assessments
- Vendor Risk Assessments and Vendor Selection Process
- External Connection Reviews
- Privilege Access and Service ID Ticket Approvals
- Client Information Security Questionnaires
- Technical Security Standards (TSS) / Security Hardening Guidelines Reviews
- Maintains contact with industry security standard setting groups and an awareness of State/Federal legislation and regulation pertaining to information security.
- Other duties as assigned.
Knowledge & Experience:
- Bachelor's degree in Computer Science, Engineering or a directly related field; Master's Degree preferred.
- Six to eight years of professional IT experience.
- Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols. Cloud security experience preferred.
- Requires excellent analytical ability, consultative and communication skills, and strong judgment.