Job Description

The Senior Information Security Engineer will play a critical role in developing and implementing comprehensive information security strategies, policies, and procedures to safeguard our organization’s digital assets. This role requires a combination of technical expertise, strategic vision, and leadership capabilities to ensure the effective management of information security risks. The role requires strong leadership, technical expertise, and the ability to collaborate with cross-functional teams to safeguard the organization’s information assets.

Responsibilities

Information Security Strategy and Governance:
Help develop and maintain the organization’s information security strategy, including short-term and long-term goals. Conduct regular reviews of information security policies, standards, and procedures in alignment with regulatory requirements and industry best practices. Make updates to reflect changes in the threat landscape. Help define and maintain information security governance frameworks to ensure consistent and effective management of information security risks.

Security Architecture and Risk Management:
Conduct regular risk assessments to identify potential vulnerabilities and threats and develop mitigation strategies. Integrate risk management practices into the organization’s security architecture and lifecycle. Ensure security solutions are designed and implemented with risk considerations in mind. Collaborate with architects and engineers to embed risk management into system and application design. Collaborate with relevant stakeholders to ensure the organization’s risk appetite is understood and reflected in security measures.

Security Operations:
Oversee the implementation and operation of security technologies, including firewalls, intrusion detection/prevention systems, encryption mechanisms, and vulnerability management systems.
Monitor security events and incidents, conduct investigations, and coordinate response activities to minimize the impact of security breaches or unauthorized access. Develop and implement security incident response plans and conduct regular drills to ensure readiness and effectiveness. Evaluate, deploy, and manage security tools and technologies to enhance security operations. Stay informed about the latest security tools and technologies and recommend improvements to the security stack.

Security Awareness and Training:
Develop and deliver information security awareness and training programs for employees, contractors, and third-party vendors. Promote a culture of security awareness and ensure that security policies and procedures are clearly communicated and understood across the organization. Stay abreast of the latest security trends, threats, and technologies, and provide timely updates and training to relevant stakeholders.

Compliance and Audit:
Ensure compliance with applicable regulatory requirements, industry standards, and contractual obligations related to information security. Coordinate and participate in internal and external security audits and assessments. Collaborate with legal and compliance teams to address security-related legal and regulatory obligations.

Incident Response and Forensics:
Support the organization’s incident response program, including the identification, containment, and recovery from security incidents. Coordinate with internal teams and external experts for forensic investigations, ensuring proper documentation and reporting of findings. Track and report security incidents, lessons learned, and recommended improvements to prevent future incidents.

Qualifications

Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degree preferred.
6+ years of Computer Science, Information Security, Cybersecurity experience.
Relevant certifications such as CISSP, CISM, CEH, GIAC, or equivalent are highly desirable.
Specialized certifications in cloud security (e.g., AWS Certified Security – Specialty, CCSK, CCSP) are a plus.
Extensive experience in information security leadership, including risk assessment, incident response, and security operations.
In-depth knowledge of information security frameworks, regulations (e.g., GDPR, HIPAA), and industry best practices.
Strong understanding of network and system security principles, technologies, and protocols.
Excellent leadership, communication, and interpersonal skills.
Ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels.
Strong analytical and problem-solving skills, with the ability to think strategically and adapt to evolving threats and technologies.
Experience in managing security incidents and conducting forensic investigations.
Commitment to continuous learning and professional development to stay current with emerging security trends, threats, and technologies.
Familiarity with Azure cloud security is a plus.
Must be flexible with working hours to accommodate various time zones.
Minimal travel, no greater than 10%.

About Us

Duracell is the world’s leading manufacturer and marketer of high-performance alkaline batteries, complemented by a portfolio of high quality, market leading specialty, rechargeable and professional batteries. Duracell’s products power numerous critical professional devices across the globe such as heart rate monitors, defibrillators, telemetry devices, smoke detectors, fire alarms, automated valves and security systems. As the leader in the professional power category, Duracell has a rich history of innovation, continuously introducing batteries that are smaller, thinner, with more energy and longer lasting than competitive brands.
Since March 2016, Duracell has found its permanent home within Berkshire Hathaway (ranked #4 World’s Most Admired Companies by Fortune Magazine and #3 in the Fortune 500), and will continue to focus on sustainable growth and industry-leading innovation while creating long-term value for our customers and consumers. At Duracell, integrity, end-to-end accountability across all levels, fast decision-making and a “can do” attitude are highly valued. In January 2018, a new B2B Sector was created which, among other duties, will assume responsibilities of the Professional Aftermarket businesses globally under the PROCELL brand.