Typical Day in the Role:
– Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestions on compensating controls, and advise stakeholders on security best practices
– Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
– Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
– Review and evaluate responses to security assessments, collect and validate supporting evidence
– Review security and technical design documentation
– Understand compensating and mitigating controls
– Identify risks and understand their impact
– Clearly and intelligently communicate findings to stakeholders
– Provide guidance to stakeholders regarding risks and the corresponding actions necessary to remediate those risks
– Prepare and report results to stakeholders and management
– Understand regulatory requirements and how they apply to the evaluation/assessment of a tool or solution
– Understand the financial regulations that legislate and impact technology and security controls
– Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
– Conduct security risk assessments for 3rd and 4th party applications, components, services
– Understand cloud infrastructure and cloud security controls
– Work closely with third party relationship managers to define security expectations and hold vendors accountable for risk mitigation or remediation plans
– Collaborate with IT business partners and team leads
Must Have Skills/Requirements:
1. IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
2. Recent experience working directly on Cyber Risk Assessments (2+ years, or 1 recent project)
3. Experienced with GCP or related Cloud Platforms
4. Prior knowledge of security engineering/architecture
5. Proficiency in MS Office with extended knowledge in MS Excel – 3+ years
Nice to have Skills:
– CISA OR CISSP Certification
– An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
– Recent relevant Financial Industry Experience
– Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FFIEC, Federal Reserve, Treasury, CFTC, etc.)
– Experience with vulnerability management tools such as Tripwire or Tenable
– Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports
Soft Skills:
– Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors
– Comfortable putting together and presenting risk assessments to a wide range of individuals
– Candidate must have a natural curiosity and the ability to assess each situation separately
– Fast, adaptable learner who can hit the ground running
– Strong organizational skills
– Ability to manage assigned tasks and expectations without direct instruction or oversight
– Ability to work well under pressure while demonstrating strong professionalism
– Must be able to collaborate closely with teams and independently
– Must be accountable to meet individual deadlines without hand holding
Education:
– Bachelor's or Master's degree in cyber security, computer science, or a related IT field