Senior IS Controls Specialist
Typical Day in Role:
• Reporting to the Senior Manager, Cyber Technology Assessment & Effectiveness, the Senior IS Controls Specialist will work as part of Cyber Automation & Defense (CAD) team
• Analyze security exposures and identify the remedial and compensating factors in the organization’s network.
• Advise on appropriate implementation of compensating controls including priority and success criteria.
• Work with other technology and security teams to implement controls needed to close exposures.
Candidate Requirements/Must-Have skills:
1. 5+ years of technical working experience in management of threats and industry
2. 5+ years of technical working experience with security controls/mechanisms (or equivalent knowledge)
3. You have used industry leading productivity tools to produce quantitative/qualitative reports, data flow diagrams & visual presentations.
4. You have understanding of and can apply framework methodology for pattern and behavior-based content development (MITRE ATT&CK, Pyramid of Pain)
5. You have built custom reporting of mitigation status against threats
6. You have experience involving red team (Vulnerability Assessments, Web app assessments), consulting (Compliance, policy creation), SOC and Device Management
• Spanish speaking is an asset
• Previous exposure to the banking industry/financial services
• Certifications (CISSP, CISM, CCSP, CRISC)
• You have built a security program to defend against APT
• You have sized, deployed, maintained, and hardened SIEM and NGFW solutions
• Excellent written, presentation, and verbal communication skills to be able to work well with technical peers and business stakeholders at different levels within the organization.
• Strong decision making, forward thinking and creative problem-solving skills to anticipate and respond quickly to technological/market influences.
• Ability to work as part of a team, as well as work independently or with minimal direction.
• Post-secondary degree in a technical field such as computer science, computer engineering or related IT field required