23 Jan
Senior Information Security Risk Analyst
Vacancy expired!
- Provide oversight and governance of the organization’s Information Security/Cyber Security Program and communicate progress and issues to Senior Management;
- Initiate and develop innovative concepts to solve complex challenges with little or no precedent; create new opportunities that enable the use of new solutions. Serve as a consultant who disseminates specialist information security knowledge and provides conceptual guidance to other senior and high-level technical experts.
- Develop and implement an effective Threat and Vulnerability Management program;
- Research and investigate new and emerging vulnerabilities, including zero-day events, and participate in external security communities;
- Develop an externally focused view of the evolving threats facing the organization;
- Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
- Responsible for integrating and managing feeds from application security tools, vulnerability scanners and penetration testing tools into the company's Governance, Risk and Compliance platform.
- Assist in all internal and external audits, and regulatory examinations.
- Assist in the development and implementation of policies, procedures and standards that meet existing and newly developed policies and regulatory mandates, including privacy regulations such as GDPR and CCPA.
- Serve as project manager/lead within IT security projects.
- Examine systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
- Identify risks which might occur;
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks;
- Continuously evaluate communication security, data vulnerability, business continuity and compliance risks;
- Identify vulnerabilities or weaknesses in systems;
- Examine employee compliance with security controls and deficiencies;
- Evaluate security policy, processes and procedures for completeness;
- Ensure that controls are adequate to protect sensitive information systems;
- Report to management on IT system vulnerabilities and on protection against malware and attackers;
- Clearly document and define risks and potential impacts, along with the statistical probability of such an event, and identify the systems affected by each defined risk;
- Provide mitigation/damage reduction proposals with cost justification.
- Assist in identifying breaches of the organization’s security and in tracking the source of an unauthorized intrusion.
- Identify defensive steps to take, including necessary firewalls, security software and data encryption;
- Recommend that all infrastructure and application patching and remediation be carried out;
- Recommend improvements in network security, identity management and logging.
- Monitor and advise on information security issues related to the systems to ensure the security controls are appropriate and operating as intended.
- Conduct organization-wide data classification assessments and security audits, and manage remediation plans.
- Create, manage and maintain the user security awareness program.
- Develop and maintain security operating procedures and associated documentation.
- Identify inefficiencies and make suggestions for process improvements.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhance department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
- Perform semi-annual user access and entitlement reviews.
- Perform quarterly reviews and recertifications of privileged accounts.
- Manage the enterprise asset management initiative.
- Proven experience in project and program related communication and tasks, managing multiple projects and tasks at once, and remaining productive while balancing a task list that can vary from highly interactive to very little interaction.
- Ability to work efficiently, making sound decisions while meeting time-sensitive deadlines
- Superior organizational and time management skills
- Self-motivated and able to prioritize tasks based on business requirements
- Strong analytical and problem-solving skills.
- Strong leadership and teambuilding skills.
- Self-motivated and detail-oriented.
- Creative thinking and troubleshooting.
- Excellent communication (oral and written), interpersonal, organizational, and presentation and listening skills.
- Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
- Ability to work in a fast-paced, support team environment
- Ability to follow detailed process and procedure documentation
- Ability to present complex solutions and methods to a general audience
- Strong team player who collaborates well with others to solve problems
- 10+ years of progressive experience in Information Security with a proven ability to engage with Senior Management and Regulators
- 7+ years working in IT Risk Management
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Preferred: Knowledge of well-known standards and frameworks (e.g. ISO 27002, NIST Cybersecurity Framework, COBIT, COSO) and of rules and regulations related to information/cybersecurity (e.g. SOX, DFS, FRB, FFIEC, etc.)
- Preferred: 7+ years’ experience conducting IT compliance assessments (e.g. SOX, DFS, FFIEC, ISO)
- Preferred: 7+ years’ experience administering IT security controls in an organization
- Preferred: 7+ years’ experience performing security reviews and risk assessments
- Solid understanding of networking concepts
- Solid understanding of operating system security concepts
- Understanding of malware, emerging threats, attacks, and vulnerability management
- Experience assisting with the development and maintenance of tools, procedures, and documentation
- Preferred: prior experience working within a financial services organization.
- Required: Bachelor’s degree from a four-year college or university in Engineering, Business Administration, Computer Science, Management Information Systems, or Information Security.
- Required: CISSP, CISA, CRISC
- Optional: CSSLP, CISM, CEH