An ideal candidate for this role will be engaging, possess a strong balance between technical expertise and business acumen, and embrace opportunities to become a difference maker in a constantly evolving global organization. The successful candidate selected for this highly visible role will work closely with a cross-functional group of risk stakeholders to deliver information security, IT risk management, and data privacy protection solutions and advisory services to stakeholders and Operating Companies located throughout the USA. This role will also be called upon to participate and provide input to help execute the agenda of the organization's global Data Privacy and Information Security (DPIS) Community. This position will report to the Director, Enterprise Risk and Security.What you get to do:Execute tasks and help mature threat monitoring and vulnerability management capabilities and processes, including, but not limited to the following:Endpoint Protection and Data Loss Prevention (DLP) alert monitoring and risk mitigation planningPatch management process planning and task execution oversightPenetration Testing and Application Vulnerability Scanning remediation planningReview results from internal and external vulnerability scans and drive risk remediation planningAnalyze security-related incident tickets submitted by IT, business, and field stakeholders and propose appropriate risk mitigation solutionsAssist with the execution of the Security Incident Response Process and recurring incident response training exercisesParticipate in the IT change management meetings and provide subject matter expertise on security-related IT change requests Risk and Compliance ManagementExecute the Information Security Risk Assessment Process to ensure appropriate risk treatment and risk mitigation decisions are made to address identified risks.Act as customer-facing liaison and information security subject matter expert to help IT functional teams, internal project teams, business stakeholders, and external partners understand policies and control requirements and effectively implement and manage their risk mitigation safeguards.Plan and execute the tasks necessary to ensure the services provided by key third party vendors, suppliers and business partners do not pose a risk to Randstad's business operations, including:Administer the Third Party Vendor Security Questionnaire ProcessParticipate in vendor risk remediation discussions and executionAssist with the review of contract agreements, Statement of Works, and other product or service agreement documentationAssist with onsite assessments at vendor sites, as neededFacilitate internal and external audits and assessments. Participate in audit interviews, review findings, lead remediation planning, and document and communicate lessons learned with business and IT stakeholders.Assist with executing the Security Waiver and Exception Process to ensure all authorized deviations from acceptable information protection practices are managed and trackedAssist with the planning and execution of Business Continuity, Disaster Recovery, and other contingency planning activities. As the candidate settles into this role and becomes acclimated to the Randstad business, this responsibility will evolve into full task ownership and accountability to mature Randstad's contingency planning capabilitiesAdminister the IT crisis communications alert notification solution Policy and Awareness ManagementDevelop and maintain the implementation life-cycle of information security policies and supporting documentation (i.e. standards, guidelines, etc.) Perform recurring policy refresh to ensure control requirements and policy guidance remains current and applicableAssist in the continuous development, implementation, and ongoing maintenance of the security training and awareness education program. Help create and deliver security and data protection awareness training content to end usersAssist with the planning and execution of the employee phishing defense training campaignsWhat you need to bring:Bachelor's Degree5 - 7 Years Information Security Risk Management5 Years Security Threat & Vulnerability Management3 - 5 Years Vendor Security Risk Management Knowledge, Skills, and AbilitiesCISSP or GIAC Equivalent CertificationISO 27002 Controls FrameworkExcellent Interpersonal Communications SkillsEffective Relationship and Consensus Building SkillsVendor Security Risk ManagementThreat and Vulnerability ManagementEndpoint Protection (McAfee ePO Strongly Preferred)Data Loss Prevention Event Monitoring & AnalysisRisk Assessment MethodologiesEqual Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.At Randstad, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please just let us know.