Data Security Lead
About NICE and ContactEngine…
NICE Ltd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the 100 largest corporations in the world, to deliver extraordinary customer experiences, fight financial crime and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions. Innovation efforts in cloud-native open platforms, artificial intelligence and analytics is driving rapid growth of our software products with reported revenues of USD 1.7 billion in FY 2020.
ContactEngine has recently become a part of the NICE CXOne suite and is a market leader in proactive conversational AI.
ContactEngine is a cloud-hosted conversation platform. Proactive and omni-channel, ContactEngine leverages artificial intelligence, natural-language processing and machine-learning so that global brands can transform their customer journeys. ContactEngine disrupts the traditional call-centres at just a fraction of the cost to deploy and run, but with three times the customer engagement rate of its manual call-centre predecessors. This means that as well as being lower cost, ContactEngine can drive corporate KPIs harder and faster, as well as improve the customer experience.
This position reports to the VP of Engineering, and would work closely with the Security Manager, Engineering Manager, and DevOps Manager.
The purpose of this role is to help security stakeholders within the business address increasing security and compliance requirements from our customers. These may be in the form of data security questionnaires from existing customers or prospects, or new requirements from certifications we are seeking to acquire.
The role will also take responsibility for ensuring that security measures are applied as per our policies, and that compliance related processes are followed correctly. This could be, for example, configuring integrations with new security tooling, ensuring that security log scanning automation is correctly configured, or preparing and sending regular vulnerability scanning reports.
A good technical understanding of software and infrastructure development will be very beneficial, as the role will likely be engaging on a regular basis with engineers. It will be expected that the role would develop a very good knowledge of the platform infrastructure, SDLC, and security policy framework over time. Hands-on skills configuring various security tools will be important.
English and writing and communication skills will be paramount, as wording concise and accurate replies to security related questions from current and potential clients will form a key part of the role. The ideal candidate will fully appreciate the sensitivity with which internal and external security audits need to be handled, and this is another area where excellent communication skills will be valuable.
This role would suit someone with a software engineering or architecture background, that has moved into the security field.
· Seek to understand the ContactEngine data, infrastructure, and software architecture, especially related to our SDLC and security touch points
· Investigate and make recommendations related to our security posture, as it pertains to data, SDLC and infrastructure
· Work with stakeholders to respond in a timely manner to any questions or questionnaires from clients or prospects
· Ensure the tech security landscape is fully understood, and make stakeholders and decision makers aware of any significant changes or developments
· Hands-on working with integration of security tooling and systems when required
· Perform ad-hoc investigations into security issues as needed
· Develop and track the security metrics and KPIs for the ContactEngine platform, and regularly report on these to managers
· Provide advice and support regarding security concerns to any interested parties within the organisation
· Use our security tooling to prepare and send vulnerability reports on a regular basis
· Work with finance and stakeholders when appropriate on the procurement of any security related software tools
· Work with stakeholders to identify security process or policy gaps that need to be addressed
· Bachelor’s degree or close equivalent, ideally in a computer science related field
· 3+ years in a hands-on security or software engineering related role
· Knowledge of common security and compliance certifications and frameworks, such as ISO 27001, SOC 2 type 2, PCI DSS, FedRAMP, HIPAA etc.
· Experience in responding to data security questionnaires
· Experience investigating or dealing with software or infrastructure security issues
· Good understanding of software development and infrastructure common practices, especially related to SDLC
· Strong hands-on ability with various security software and tooling
· Proven ability to communicate to senior stakeholders in written and oral form
· Understanding of relational databases and typical security approaches to managing these
· Understanding of ETL, data warehouse and reporting systems, and related security
· Pragmatic rather than dogmatic approach
· Knowledge of AWS services and security tools would be an advantage in this role
NICE is committed to provide an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.