Information Security Engineer III
Company: Conduent
Location: Schiller Park
Posted on: June 24, 2025
Job Description:
Through our dedicated associates, Conduent delivers mission-critical services and solutions on behalf of Fortune 100 companies and over 500 governments - creating exceptional outcomes for our clients and the millions of people who count on them. You have an opportunity to personally thrive, make a difference and be part of a culture where individuality is noticed and valued every day.

About the Role

The ISO Auditor is a member of the CISO Regulatory & Compliance Team and will assist in the performance of internal audits, ensuring they comply with applicable Conduent and ISO security standards, regulations, and policies. The internal auditor will be professional, independent, impartial, and fair in all interactions.

Responsibilities

• The NIST security resource is accountable for procedures and processes that ensure the integrity, confidentiality, and availability of assigned business units' information, applications, and infrastructure.
• Perform routine risk assessments, security audits, and vulnerability scans to identify, evaluate, document, and remediate organizational risk, control gaps, and vulnerabilities.
• Develop security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences, as they pertain to assigned business units.
• Perform log collection, correlation, reviews, archival, retention, and monitoring of automated alerts for items such as, and not limited to:
  • IPS/IDS alerts; change detection (FIM) alerts
  • application firewall alerts; malware alerts
  • rogue wireless network alerts
  • security system health alerts; exploit attempt alerts
• Participate in and be an integral component of audit, compliance, and regulatory functions, including and not limited to:
  • audits of system security to ensure compliance with the Corporate security framework
  • NIST 800-53, ISO 27001/2, PCI-DSS
  • emerging country, state, and Federal privacy laws
• Serve as primary POC in a vulnerability management program of the account that includes:
  • external and internal vulnerability scans of applications and systems
  • external and internal penetration tests of applications and systems
  • documentation and remediation of identified vulnerabilities and exploits
  • routinely monitoring various communication avenues for security vulnerabilities and security patches
  • taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments
  • making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities
• Coordinate with business units, operations, and technology teams for incident response, remediation, and improvement.
• Act as the initial point of contact to facilitate the handling of security audits and client requests.
• Support the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results, and making changes necessary to address deficiencies.
• Maintain documentation that supports the annual Security compliance attestation as it is relevant to the assigned business units.

Requirements

• CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification is a plus.
• Minimum of five (4 to 5) years of experience in IT Security or Security Auditing is required.
• Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc.
• Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures.
• Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
• Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter.
• Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences.
• Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).
• Experience in PowerPoint, Word, Excel; experience with Visio and MS Project.
• Communication skills (interpersonal, verbal, presentation, written, email). Experience writing report segments and participating in presentations.
• Familiarity with security, workflow, and collaboration tools such as Nessus Tenable, Splunk, SharePoint and ServiceNow (Snow) is a plus.
• Positive attitude, team player, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally.

Preferred Skills

• Creating and maintaining NIST 800-53-rev5 based SSP and POAM.
• Familiarity with more than one framework (NIST 800-series, ISO 27000-series, PCI DSS and ISO, HIPAA, HITRUST, FISMA, FedRAMP, other common security control frameworks).
Keywords: Conduent, Oak Park, Information Security Engineer III, IT / Software / Systems, Schiller Park, Illinois