18 May

We are seeking a Cyber Software Security Expert for a permanent position with our financial client in NYC. This group is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank. Your role as Cyber Software Security Expert:
- Design, develop and execute software security practices and strategy by building and maintaining security policies for tooling (SAST, DAST, OSS, IAST) to increase effectiveness and reduce false positives; promote and build procedures for the security champions in the Agile squads; and bring IS policy and standards expertise into the Agile Scrum squads.
- Experienced in conducting software security technical testing with tooling and reviewing its results to identify vulnerabilities and contextualize the business impact of cyber risks.
- Design, develop and execute NIST-based cyber risk assessment practices and strategy by building and maintaining industry-standard, risk-based risk management practices.
- Identify, measure, monitor, report on security risks within the information technology domain, and assess the adequacy of controls including information security, cyber security, software security practices and mitigations practices for technical vulnerabilities.
- Overall, 7+ years of enterprise cyber risk assessment and management and software security practice, or equivalent experience
- Possession of or the ability to obtain and maintain National Security Clearance, which includes U.S. Citizenship
- Understanding of risk management and control frameworks (NIST 800-53) and industry best practices. Understanding of vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes.
- Knowledge of and experience implementing industry standards, frameworks, and best practices in cyber risk management programs, practices, and processes inclusive of risk identification, analysis, response, communication, monitoring and escalation.