Information Security Specialist

ABOUT USG AND OUR DIGITAL CUSTOMER EXPERIENCE JOURNEY

Capability transformation

USG is evolving its digital customer experience and translating the objective of being easiest to do business with into a sustainable technology roadmap. The digital transformation includes upgrading our technology stack and augmenting our teams, developing new digital platforms, and integrating a best-in-class eCommerce operating model to deliver exceptional customer experience from design planning to order delivery. The digital services are based on to be improved data and process models and will be provided for all our customers in the US, Canada, and LATAM.

ROLE SUMMARY

The Information Security Specialist will be a key role in the USG IT information security team, fully supporting USG’s digital transformation effort and is responsible for supporting the business transformation roadmap while ensuring USG’s IT security standards for safeguarding the environment, data, ensuring compliance with regulations, and protecting against security threats. They must ensure security controls are maintained and respond to cybersecurity risks or incidents.

USG offers a hybrid workplace. The office location is Chicago, IL. Minimal travel may be required.

DEFINITION OF THE TEAM

USG’s IT Security team is responsible for safeguarding the company's digital assets and ensuring the confidentiality, integrity, and availability of information. The team's primary responsibility is to develop and implement comprehensive security policies, procedures, and controls that align with the overall enterprise security strategy and standards to protect our assets and operations.

This team fosters a secure digital environment that supports the organization's operations, enhances trust with stakeholders, and drives business continuity through effective risk management and incident response. The IT Security team collaborates closely with various departments to understand their business needs and design security solutions that meet those requirements effectively while protecting USG. The team's work is critical to the success of the organization, as it enables secure business operations and supports the overall business strategy.

This IT security role will be dedicated to supporting our Customer Experience organization and our digital platforms. USG is evolving its digital customer experience and translating the objective of being easiest to do business with into a sustainable technology roadmap. The digital transformation includes upgrading our technology stack and augmenting our teams, developing new digital platforms, and integrating a best-in-class eCommerce operating model to deliver exceptional customer experience from design planning to order delivery. The digital services are based on to be

improved data and process models and will be provided for all our customers in the US, Canada, and LATAM.

KEY ACCOUNTABILITIES AND RESPONSIBILITIES

· Assessing application security: Responsible for reviewing proposed new systems, networks, and software designs for potential security risks, recommending mitigation or countermeasures, and resolving integration issues related to the implementation of new systems within the existing infrastructure

· Support security strategy: Develop and manage an enterprise-wide security strategy, and communicate performance to key stakeholders

· Ensuring compliance and security: Ensure data systems comply with relevant regulations and security standards. Develop measures to protect data privacy and ensure the security of data pipelines and analytics infrastructure

· Risk assessment: Lead cybersecurity risk assessments and mitigation efforts, and oversee incident management and response planning

· Collaboration and communication: Collaborate with cross-functional teams, especially within customer experience teams of USG, including IT, data science, and business units of customer experience teams, to mitigate risk. Guide engineering teams in making informed security decisions on infrastructure, systems, and applications design

*Midpoint may be adjusted based on the skills and qualifications of the selected candidate.

KEY QUALIFICATIONS

Education

Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or a related field

Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Required Skills

· 7+ years experience in information security and risk management

· In-depth knowledge of IT security frameworks and regulations such as ISO 27001, NIST, and GDPR

· Understanding CASB, CSPM and CWPP tools; knowledge of cloud security frameworks, standards and best practices; and working with cloud IAM and IaaS, PaaS and SaaS native security capabilities. Understand how business architecture affects cloud security, and manage relationships with business teams using cloud so that you can plan for upcoming requirements.

· Deep understanding of API security principles, technologies, and best practices. (e.g. OAuth, OpenID, REST, SOAP, GraphQL) Define and execute the product vision and strategy for API security, aligning with our business goals and customer needs. Document and evangelize secure API design patterns.

· Must be proficient in one or more scripting languages such as Python, PowerShell, Bash, etc.

· Proficiency in security tools and products, including firewalls, IDS/IPS, SIEM, and vulnerability scanning

· Ability to translate technical security risks into clear, concise, nontechnical terms

· Excellent problem-solving skills to address security challenges

· Strong collaboration skills with the ability to work effectively with cross-functional teams, including IT, data science, and business units of customer experience teams

· Excellent technical documentation and reporting skills

· Strong ethical standards and integrity

Preferred Skills

· Knowledge of machine learning in anomaly identification and user behavior analytics

· Experience with security standards for cloud applications including in the implementation of digital solutions

· Experience with network security design and implementation, penetration testing, and vulnerability assessment tools

· Experience in overseeing or implementing automation in security engineering

Rate of pay may be adjusted based on the qualifications and experience of the candidate.

USG employees enjoy a number of benefit options for themselves and their families. These include two medical insurance options, as well as vision and dental coverage. The cost of these optional programs varies based on coverage level - employees generally pay 25% of the monthly premium cost, USG pays the rest. These coverage options are offered on the first day of employment with no waiting period.

Additionally, USG employees enjoy both a 401(k) Investment Plan with company match and a pension plan. Beyond these main features, employees may also choose from a number of additional programs like life insurance, accident insurance, legal insurance, even pet insurance, just to name a few. USG also offers Quarterly (hourly) / Annual (salary) bonus potential for all employees based on performance metrics tied to safety, quality, and productivity.  USG also provides employees with paid time off and paid holidays.

Since 1902, Chicago-based USG has been a leader in producing innovative, award-winning products and systems to build everything from major commercial developments and residential housing to home improvements. USG's employees are committed to the highest levels of customer satisfaction and quality in everything we do. Our steadfast commitment to the company's core business values – innovation, quality, integrity, service, diversity, efficiency and safety – have helped us become the company we are today.

 EOE including disability/veteran