Information Security Specialist

Cytek Biosciences, Inc.
Fremont, United States of America
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 161K

Job location

Fremont, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Apple Mac Systems
Software System Penetration Testing
Azure
Bash
Software as a Service
Cloud Computing Security
CompTIA Security+
Computer Security
Linux
Digital Assets
DNS
Hypertext Transfer Protocols (HTTP)
Intrusion Detection and Prevention
Virtual Private Networks (VPN)
Python
Network Security
Networking Basics
Office Suite
PowerShell
Cloud Services
Phishing
Security Information and Event Management
TCP/IP
Software Vulnerability Management
Diagnostic Tools
Scripting (Bash/Python/Go/Ruby)
Firewalls (Computer Science)
Information Technology
Vulnerability Analysis

Job description

We are seeking a hands-on Information Security Specialist to serve as the primary individual contributor responsible for protecting the organization's digital assets, infrastructure, and data. This role operates within the Global IT team and reports directly to the Head of Global IT, providing expert guidance on security strategy, risk posture, and compliance initiatives. The ideal candidate is equally comfortable responding to a live security incident, rolling out endpoint protection across the fleet, and preparing documentation for an external audit.

To perform this job successfully, an individual must be able to perform essential duties and responsibilities satisfactorily. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

Incident Detection & Response

  • Monitor, triage, and respond to security alerts from SIEM, EDR, and cloud-native tools.
  • Lead incident response activities including containment, eradication, root-cause analysis, and post-incident reporting.
  • Maintain and continuously improve the incident response playbook and escalation procedures.

Threat Hunting & Vulnerability Management

  • Proactively scan accounts, endpoints, and network segments for indicators of compromise and emerging threats.
  • Conduct regular vulnerability assessments and coordinate remediation with system owners.
  • Stay current on threat intelligence feeds and integrate findings into defensive operations.

Endpoint & Network Security

  • Evaluate, deploy, and manage antivirus, EDR, and other endpoint threat-detection tools across all company devices.
  • Configure and maintain firewalls, VPNs, web proxies, and other perimeter controls.
  • Ensure consistent security baselines across Windows, macOS, and Linux endpoints.

Security Awareness & Training

  • Design, deliver, and track semi-annual security awareness training for all employees.
  • Develop supplemental materials such as phishing simulations, quick-reference guides, and policy refreshers.
  • Serve as a go-to resource for security questions from staff at all levels.

Third-Party & Vendor Security

  • Evaluate third-party security solutions, SaaS vendors, and cloud service providers against organizational requirements.
  • Conduct vendor risk assessments and maintain an approved-vendor security register.
  • Negotiate security terms and review vendor SOC reports, penetration test results, and certifications.

Compliance & Audit Support

  • Support the organization's pursuit and maintenance of ISO 27001 and/or SOC 2 Type II certifications.
  • Draft, review, and maintain information security policies, standards, and procedures.
  • Gather evidence, coordinate with auditors, and remediate findings during internal and external audits.

Advisory

  • Advise the Head of Global IT on security risks, investments, and strategic priorities.
  • Provide security input on architecture reviews, new technology deployments, and change-management processes.
  • Produce regular security metrics and executive-level reporting.

Requirements

  • Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
  • 3-5+ years of progressive experience in information security or cybersecurity operations.
  • Demonstrated hands-on experience with SIEM platforms, EDR solutions, and vulnerability scanners.
  • Working knowledge of ISO 27001 and/or SOC 2 Type II frameworks and audit processes.
  • Strong understanding of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPN).
  • Excellent written and verbal communication skills; able to translate technical risk into business language.
  • Industry certifications such as CISSP, CISM, CompTIA Security+, or GIAC (e.g., GSEC, GCIH).
  • Experience with cloud security in AWS, Azure, or GCP environments.
  • Familiarity with scripting or automation (Python, PowerShell, Bash) for security workflows.
  • Prior experience building or significantly contributing to a compliance program from the ground up.
  • Experience conducting or managing penetration tests and red-team exercises.
  • Frequently required to sit, stand, and move within the office environment.
  • Regularly required to operate a computer and other office productivity machinery.
  • The role may require occasional lifting of objects up to 20 pounds.
  • Ability to travel between 5-10% of the time.
