Information Security Consultant II

Information Security Consultant II

This role is part of NCR’s Global Information Security team. This team is responsible for developing and implementing NCR’s corporate information security program. The primary goal of the program is to protect the confidentiality, integrity, and availability of information resources. Key information security functions and activities include architecture and design for NCR information security controls, developing and enforcing policies and standards, security awareness training, risk management, assessment, and testing, monitoring and metrics, incident management, and threat and vulnerability management.

The Information Security Consultant shall be responsible for the day-to-day activities required to respond for both routine and high severity vulnerabilities and security incidents. The Information Security Consultant shall work in a collaborative manner with vulnerability coordinators, incident responders, key incident management team members, management, and other stakeholders to ensure vulnerabilities and security incidents are contained, eradicated, remediated and after-action review is held according to corporate policy. The Information Security Consultant is expected to contribute to weekly status calls and respond to ad-hoc requests as part of this position. The Information Security Consultant will work with stakeholders and team members to assist with improving incident response processes that are aligned with the mission of the office of the CISO. The individual should be highly skilled, motivated and detail-oriented security professional to join our dynamic team. The ideal candidate will be responsible for leading and managing our Vulnerability Management program along with Incident Management, ensuring the protection of our organization's digital assets.

Key Responsibilities:

Vulnerability Management:

• Lead the design, implementation, and continuous improvement of the enterprise-wide vulnerability management program.
• External attack surface management and technical remediation
• Run Vulnerability red team exercises and simulation for risk prioritization
• Oversee vulnerability assessments, scanning, and remediation efforts across all systems, networks, and applications.
• Collaborate with IT, GTM and product SRE teams to prioritize and remediate vulnerabilities based on risk and business impact.
• Develop and maintain metrics and dashboards to track vulnerability trends and remediation progress.
• Ensure compliance with internal policies, industry standards, and regulatory requirements (e.g., ISO 27001, NIST, CIS).

Incident Management:

• Assist in the development and execution of the incident response plan and playbooks.
• Act as a key responder and advisor during cybersecurity incidents, ensuring timely containment, investigation, and recovery.
• Conduct post-incident reviews and root cause analyses to improve future response efforts.
• Provide guidance and training to internal teams on incident response best practices.

Skills and Qualifications

• Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• 10+ years of experience in cybersecurity, with a strong focus on vulnerability and incident management.
• Proven experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and SIEM/SOAR platforms.
• Deep understanding of threat landscapes, attack vectors, and mitigation strategies.
• Strong knowledge of security frameworks and standards (e.g., NIST, MITRE ATT&CK, OWASP).
• Excellent analytical, communication, and leadership skills.

Preferred Certifications:

• CISSP, CISM, OSCP, CEH, or equivalent.
• GIAC certifications (e.g., GCIH, GCIA, GPEN) are a plus.

Offers of employment are conditional upon passage of screening criteria applicable to the job