Senior Security Risk and Compliance Specialist
at LENNAR HOMES
The Senior Security Risk and Compliance Specialist is a critical member of the Information Security Governance, Risk and Compliance team. The role is responsible for translating industry, government and contractual compliance requirements (SOX, FFIEC, SSAE16, etc.) into IT Security and Risk Management frameworks, policies, standards and best practices. This position will coordinate the remediation of non-compliant areas across all of Lennar’s lines of business and support internal and external audits for the areas of Information Security, Risk Management and Compliance.
The Senior Security Risk and Compliance Specialist will be accountable for defining a comprehensive risk and compliance management framework and associated policies and processes, managing the audit and compliance process, managing the risk and compliance response process, developing metrics and championing risk and compliance initiatives across Lennar’s business units.
This role is also responsible for all tasks related to application certification and third party risk, to include ensuring security controls are implemented appropriately, validating security configurations and integrations, and assuring the security components of the System Development Life Cycle are implemented according to best practices. In this role, the Security Specialist will be a key contributor to the secure design and implementation of new technologies, applications and services.
The Senior Security Risk and Compliance Specialist will collaborate closely with members of Lennar’s corporate functions such as Human Resources, Legal, Procurement and other business stakeholders to ensure compliance requirements are understood. This role will also coordinate efforts with Enterprise Security Office teams, Security Steering Committees, internal and external auditors, Security Architecture and IT Operations teams to ensure that compliance requirements are appropriately addressed, tracked and reported to business stakeholders. The aim is to achieve and maintain a security posture commensurate with the risk tolerance of the organization, and to meet business objectives and regulatory requirements.
Principal Duties and Responsibilities:
- Responsible for analyzing and implementing risk and compliance management frameworks, policies, standards and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.
- Responsible for assisting in the identification, analysis and assessment of information risk scenarios.
- Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to Lennar information assets.
- Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all of Lennar’s information and physical assets.
- Support technology in the evaluation of risks and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
- Provide education and advisory services to applications/systems/data owners and help them understand control objectives, control design, and how to evaluate control operational effectiveness.
- Assist in the acquisition and vendor compliance assessment, procurement and evaluation of vendors and products.
- Develop and manage Lennar’s third party risk and compliance management process.
- Maintain relationships with internal and external audit and compliance agencies to facilitate execution of audits.
- Assist with remediation efforts and recommendations as they relate to external and internal security audits.
- Review risk and control self-assessment results, and communicate with the application/systems/data owners key concerns and questions.
- Promotes and facilitates effective communication between the internal/external audit and information security team, IT operations and other departments and/or business units.
- Subject Matter expert on the security component of the Systems Development Life Cycle.
- Verify and document security controls in order for the systems to be certified and accredited.
- Advise system owners regarding security considerations in application systems procurement or development, implementation, operation and maintenance, and disposal activities (i.e., system development life cycle management).
- Assist in the development and maintenance of system security plans and contingency plans for all systems within scope.
- Participate in risk assessments to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
- Conduct research and analysis on the impacts of system modifications, technological advances, and malicious code.
Education and Experience Requirements:
- A minimum of 4 years of IT experience, 2 of which are in an information security role.
- Bachelor's degree in information technology or computer science preferred; equivalent work experience considered. M.B.A. or M.S. in a technology-related field is a plus.
This is primarily a sedentary office position which requires the incumbent to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.
- CISSP, CEH, SANS Security and other industry and vendor specific security certifications highly preferred.
- Advanced knowledge of SIEM platforms (Splunk preferred).
- Experience with event escalation, security incident analysis, and utilizing formal Security Incident Response procedures
- Familiar with malware, ransomware and phishing techniques.
- Understanding of reconnaissance, attacks, exploitations and system compromise techniques; knowledge of modern network vulnerabilities and exploits.
- Extensive knowledge of Windows OS file systems, registry functions, and desktop.
- Experience with a variety of core security systems and platforms such as firewalls, intrusion detection systems, next-generation endpoint protection solutions, content filtering, and secure email gateways.
- Experience with the integration of end-point controls with Security Information and Event Management Systems (SIEM) and log management systems.
- Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, and logic; solution-oriented with ability to learn and adapt quickly.
- Experience with threat and vulnerability management (Rapid7-InsightVM preferred).
- Experience with end-point security management (Cylance preferred).
- Ability to learn and operate in a dynamic environment.
- Good understanding of baseline security standards and configurations for end-points and servers, including Windows and Mac systems.
- Experience identifying system critical and single points of failure. Work with other teams and third party vendors to resolve security issues.
- Experience identifying and analyzing emerging and advanced threats (such as APT, OWASP top-20 and others).
- Experience with responding to security incidents and reporting on incident handling and resolution.
- Experience with participating in post-mortem investigation of security incidents and preparation of security incident reports documenting the findings.
- Considerable writing proficiency and visual design skills, oral presentation skills, problem solving and decision-making skills.
- Excellent verbal and written communication skills, including executive-level presentations.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Ability to exercise sound judgment in complex situations.
- Ability to confidently and simply explain technical security issues without hype or buzzwords.
- Have the ability to work with technical and non-technical business owners to develop solutions.
- Have the ability to handle multiple competing priorities in a fast-paced environment.
- Strong commitment to customer service.
- Results oriented, high energy, self-motivated.
- Ability to work well under minimal supervision.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
- This position requires the ability to work a regularly scheduled shift or rotating shifts depending on need.
This description outlines the basic responsibilities and requirements for the position noted. This is not a comprehensive listing of all job duties of the Associates. Duties, responsibilities and activities may change at any time with or without notice.
Lennar Corporation, founded in 1954, is headquartered in Miami, Florida and is one of the nation’s leading builders of quality homes for all generations. Lennar builds homes in 18 different states in some of the finest markets in the nation.
Opportunity awaits at Lennar! As one of America’s leading homebuilders, we make it easy to map out your future success with a wide variety of opportunities for career growth in the most desirable real estate markets. We seek spirited, passionate and energetic Team players with an eagerness to learn, a fiery determination to succeed and a burning desire to excel. Throughout the nation, our Company is focused on making every aspect of the home buying experience a true celebration for our Customers, and on giving back to the Community by helping those who cannot help themselves. And it all starts with you.
Lennar is proud to provide our Associates a comprehensive and competitive benefits program. We also provide an environment full of spirit, enthusiasm, passion and vitality – an environment that makes our Company a very special place to work.