Sr. GRC Specialist

Posted: Thursday, 05 December 2024
Valid Thru: Saturday, 04 January 2025
Index Requested on: 12/05/2024 07:26:42
Indexed on: 12/05/2024 07:26:42

Location: Duluth, GA, 30026, US

Industry: Advertising and Public Relations
Occupational Category: 39-0000.00 - Personal Care and Service
Type of Employment: FULL_TIME

Neptune is hiring!

Description:

Position Summary

As a GRC Specialist focused on Product and Application Security, you will be responsible for
ensuring that Neptune Technology Group's products and applications adhere to the highest
security standards. You will engage with stakeholders throughout the organization and the
product lifecycle to ensure that security practices are followed and risk mitigations are
implemented where required.

Key Responsibilities:

  • Application Security: Develop and maintain application security policies and
    procedures. Ensure secure coding practices are followed and conduct regular security
    assessments of applications to identify and mitigate vulnerabilities.
  • Product Security: Integrate security requirements into the product design phase and
    maintain a Software Bill of Materials (SBOM) for each product. Conduct security reviews
    and audits to ensure compliance with industry standards.
  • Security Standards: Develop, implement, and maintain security standards and best
    practices for product and application security.
  • Security Reviews: Conduct security reviews and assessments of products and
    applications to identify potential vulnerabilities and ensure compliance with security
    standards.
  • Security Tools & Processes: Implement and manage security tools and processes,
    including Static Application Security Testing (SAST), Dynamic Application Security
    Testing (DAST), and penetration testing.
  • Threat Modeling: Perform threat modeling to identify and mitigate potential security
    risks in products and applications.
  • Incident Response: Lead incident response efforts for product and application security
    incidents, including investigation, remediation, and reporting.
  • Training & Awareness: Develop and deliver training and awareness programs to
    educate stakeholders on product and application security best practices.
  • Risk Assessments: Conduct risk assessments and develop mitigation strategies for
    identified security risks.
  • Collaboration: Collaborate with cross-functional teams, including development,
    operations, and legal, to ensure security requirements are integrated into the product
    development lifecycle.
  • Documentation: Maintain comprehensive documentation of security assessments,
    reviews, and incident response activities.

Qualifications:

  • Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
  • Minimum of 5+ years of relevant experience in governance, risk, and compliance roles.
  • Strong understanding of regulatory requirements and industry standards.

Preferred Qualifications:

  • Certifications such as ISO 27001, CISA, CISM, or CISSP.
  • Experience with third-party risk management and vendor assessments.
  • Knowledge of security frameworks such as ISO 27001, NIST, SOX or SOC 2.

Skills:

  • Analytical & Problem-Solving: Strong analytical skills with the ability to identify risks and
    propose effective solutions.
  • Communication & Leadership: Excellent communication skills with experience leading
    cross-functional teams and working with senior management.
  • Attention to Detail: Meticulous attention to detail in reviewing audit findings, compliance
    risks, and policy documentation.
  • Technical Expertise: Proficient in cybersecurity tools and Microsoft Office Suite.
    Knowledge of GRC platforms is a plus.
  • Ability to work independently and make decisions with wide latitude for independent
    judgment.

Travel Requirements: Typically requires overnight travel less than 10% of the time.

Location: Duluth, GA or remote.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Responsibilities:

Please review the job description.

Educational requirements:

  • high school

Desired Skills:

Information Systems

Benefits:

Please see the job description for benefits.
