Sr. Information Security Analyst
Ref No.: 18-00142
Location: Manhattan, New York
Position Type: Direct Placement
Experience Level: 5 Years
Start Date: 02/12/2016
Pay Rate: $120,000.00 - 125,000.00/Year
Sr. Information Security Analyst (Risk Management)
Location: Manhattan, NY
Salary: 115-125K+ 7-8%

  • Preferably within a financial services environment, knowledge and experience with documenting and formalizing the security risks and controls surrounding enterprise data centers, network technologies, virtualization, unified communication, and mobility.
  • Knowledge of enterprise control structure architecture and aligning security architecture controls, processes, and tools within that enterprise framework.
  • Ability to lead and provide project oversight.
  • Strong communication skills to support the development of deliverables to the Board of Directors and for all levels of Bank management and staff.

  • Five-plus years of experience in security policy development or broad security operations management, and in developing and managing a security governance program. Security policy and architectural project management or security auditing background may be considered.
  • Five-plus years of experience in successful security incident monitoring and breach response management.

  • Oversee the efforts of information security professionals in all aspects of information security and physical security for the Bank. This covers policy, strategy, administration, governance, monitoring, compliance, guidelines, and standards.
  • Develop and maintain a comprehensive enterprise-wide Information Security Program for the Bank.
  • Proactively promote the enhancement of information protection through the identification of risk themes by working collaboratively with all areas of the Bank.

Essential Duties:
  • Ensure information is protected across the Bank and that effective information security programs, strategies, practices, processes and systems are in place and functioning as required.
  • Independently verify and observe operational performance in a broad oversight perspective for information security, physical security, and all matters of cyber risk across the Bank and carry out any special investigative requirements.
    • Monitor industry threat feeds and news. Document an appropriate analysis. Cover applicability, prior actions to address, response planned, threat environment, and escalate as needed.
    • Perform periodic department tasks, documenting the activity and results. Such items may include the review of significant applications' password settings, protection of privacy information, and third-party security assessment reviews.
    • Review the vulnerability scan results for aging patch application. Analyze and escalate as needed.
    • Assist with the security risk assessment. Perform focused risk assessments as assigned.
  • Assist in other departmental duties as necessary:
    • As assigned, guide business unit staff to ensure that their performance is within current exposure tolerances.
    • When assigned, provide security perspective on Bank projects during Project Gate Reviews when required and upon request. Be able to draft the ISO assessment of the project with assistance.
    • As assigned, guide IT operational security unit staff to ensure that their performance is within current exposure tolerances.
    • Assist in the security incident response management process at the Bank: help manage the oversight of incident response, and the control of information events.
    • Help prepare reports for the CEO and senior management on information security, information protection, and information risk matters.
    • Help define the Bank's information security program, policy, and standards. As assigned, guide operational areas across the Bank on procedures, guidelines, and instructions to support the Bank's policy and standards.
  • Guide the planning of information security projects and annual budget.
    • Monitor security systems for intrusion events. This is to be done with the goal of identifying themes in the events observed, ensuring the escalation of incidents, and answering questions that arise through oversight of how the Bank's security efforts are functioning.
    • Assist in the review of security-related software and hardware, recommend solutions, and review contracts.
  • Assist in developing specific modules, documents, white papers, and other artifacts that help:
    • Articulate the choices of the Bank relative to information protection.
    • Document what is secured and how we do the protection.
    • Advise and alert all Bank employees on information security matters.
  • Gather the data to support the proper reporting of security measures and metrics. With guidance, draft reports that highlight these metrics.
  • Assist with audits and examinations regarding information security and controls.
  • Help manage the independent security review process: vendor selection, fieldwork
  • Perform special tasks as assigned by the Director of, or a manager in, the Information Security Office.
Other Duties:
  • Participate in scheduled security events when approved.
  • With approval, attend security conferences and industry trade shows.
  • With approval, participate in roundtables, panels, or independent presentations at security industry events in order to obtain feedback on practical application of security.
  • Maintain appropriate professional associations and certifications for the purpose of keeping abreast of security trends, issues, solutions, events, emerging threats, and having a perspective on the relevant industry advances.
  • Serve on Bank committees, teams, and efforts as assigned.
Bachelor's degree required. Professional experience considered in lieu of education. Strongly preferred: CISSP certification, or other security certification.