Security Controls Validation Principal
Mr. Cooper
- Dallas, TX
- Permanent
- Full-time
- Plan and execute control validation assessments to ensure compliance with Sarbanes-Oxley, other standards, and internal policies.
- Develop and execute comprehensive tests to validate the effectiveness of technology and process security controls, including but not limited to access controls, encryption, firewalls, intrusion detection/prevention systems, and antivirus solutions.
- Perform comprehensive testing of IT systems, applications, and networks to identify the scope of controls validation testing.
- Utilize breach and attack simulation (BAS) technology, automation testing tools, and manual techniques to evaluate the effectiveness of security controls.
- Collaborate with stakeholders to develop mitigation strategies and action plans.
- Maintain accurate and up-to-date documentation of control testing procedures, results, and recommendations.
- Prepare detailed reports summarizing assessment results and suggested remediation actions.
- Stay current with relevant industry regulations such as Sarbanes-Oxley, compliance frameworks, and security validation testing best practices.
- Work closely with IT teams, security professionals, and other stakeholders to validate security controls.
- Provide guidance and support for remediation efforts to address identified security control validation issues.
- Recommend and implement improvements to security controls based on testing outcomes and emerging threats.
- Stay informed about the latest cybersecurity trends, vulnerabilities, and control validation best practices.
- Communicate effectively with senior management and stakeholders, providing updates on security controls validation activities and recommending improvements.
- Identify opportunities for process improvements and implement strategies to enhance the efficiency and effectiveness of security controls validation efforts.
- 2 to 4 years of proven experience in Security Controls Validation, IT compliance testing, auditing, and risk assessment.
- Strong understanding of industry standards, regulations, and frameworks (e.g., SOX, SOC1/2).
- Familiarity with security validation technologies (Cymulate, AttackIQ, etc.), tools, scripting languages (Python, PHP, Ruby, etc.), and best practices.
- Bachelor's degree or equivalent years of experience in Information Technology, Cybersecurity, or a related field.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA) are preferred.
- Excellent communication skills and the ability to convey complex technical information to non-technical stakeholders.