Location/Other Details - On Site - Juno Beach, FL- Local Resource Only
- Duration = 12 months
Qualifications
- 5 years of experience in Cybersecurity Controls Auditing
- Must have a solid IT and Cybersecurity background
- Good understanding of Cybersecurity frameworks and compliance requirements
- Possess excellent verbal and written communication skills
- Able to work with minimal supervision
- Detail oriented with good time management skills
- Outgoing and able to foster collaborative relationships
Responsibilities
- Review and become familiar with internal security policies
- Interact with key stakeholders to identify changing/evolving cybersecurity controls requirements
- Review cybersecurity controls in place for critical systems including but not limited to:
- Password and authentication
- Identity Lifecycle Management
- Access Control
- Vulnerability Management and Software Updates
- Endpoint Detection and Response (EDR)
- Antivirus/Antimalware Software
- Monitoring & Alerting
- Document gaps identified
- Develop and document remediation recommendations
- Communicate findings & recommendations to key stakeholders in the form of presentation
- Work with business stakeholders to resolve compliance issues
Assist FPL with the support and enhancement of the cyber security controls aimed at protecting the confidentiality, integrity, and availability of company information and computing networks. Assist with managing a framework for communications, reporting, scheduling, and coordinating the required activities.
- Develop an understanding of, and familiarity with, the Cyber Security controls currently in place at FPL.
- Lead the Exception Management Process (ongoing monthly task).
- Lead the Issues Management Process (on going monthly task).
- Manage the Risk Register (on going monthly task).
- Evaluate the evidence of compliance provided by "crown jewel applications" owners against controls in place.
- Identify and documents any gaps and exposures in the evidence of compliance.
- Review identified gaps and exposures with "crown jewel applications" owners.
- Develop Remediation Recommendations for identified gaps and exposures.
- Track and report on remediation implementation.
- Document the completion and validation of implemented remediation.
- Review current controls in place with GRC team and validate against new/emerging regulatory or other compliance requirements.
- Work with crown jewel applications owners to identify changing/evolving cybersecurity controls requirements.