Senior Information Security Analyst
Location: Jersey City
Posted on: March 27, 2020
Direct Hire Role Assist in the ongoing development and
implementation of the Technology Risk Oversight Program as part of
client overall Strategic, Operational Risk Compliance program.
Blend and utilize organizational, technical, business, and cyber
security skill-sets. Education Bachelor s Degree in Information
Systems, Computer Science or related field. Post graduate degree a
plus or equivalent work experience. Related security, technical,
andor risk professional certifications desired (e.g., CRISC, CISA,
CISM, CGEIT, CSX-P, CCSK v4, CISSP, SANS, AWS, etc.). Skills Solid
understanding of IT risk management concepts and practices Solid
understanding of common risk and information security management
frameworks andor programs such as COBIT 2019, NIST, CIS, ISOIEC
27000 standards, FedRAMP, FFIEC Proficient understanding of cyber
security, technology operations (i.e., client server, LAN, UNIX,
Windows, DB2, Oracle, SQL, VMWare, firewalls, cloud computing)
Expert industry and technical awareness to identify technology
opportunities and align these to the business needs Ability to
create partnerships at all levels of the Bank Experience Minimum 6+
years experience which may include a combination of IT security,
infrastructure, cloud, architecture, data, IT riskcompliance, or IT
governance. Past participation in either initial certification
andor renewal of ISOIEC 27001, SOC 2SSAE18, etc. Experience
operatingsecuringassessing one of the following areas such as
network security, identity access management, vulnerability
management, cloud security, penetration testing, or encryption
management. Experience working with results generated from
vulnerability assessments, penetration tests, threat modeling, and
secure code reviews. Experience with various IT focused security
risk assessments or technical assessments (e.g. related to cloud,
network, systems, infrastructure, mobile, and web
projectsinitiatives). Experience analyzing complex technical
systems and the business processes they support synthesize the
corresponding risks and controls and recommending security
solutions and remediation. Experience analyzing data from various
sources to identify trends, emerging risks and key insights.
Experience in defining, developing, implementing, and monitoring
KRIs and KPIs. Experience coordinating with risk or audit on IT
focused audits or risk assurance projects. Experience with the
financial services industry and banking a plus Experience with
technology risk management a plus. Essential Duties Participate in
projects and initiatives to bring a pro-active technology risk
management focus by utilizing industry best practices. Develop a
technology risk methodology for risk ranking the Bank s assets
according to business impact (i.e., hardware, software, associated
data and supporting capabilities). Maintain an up-to-date
understanding of internal and external emerging risks identify
potential threats and vulnerabilities to the Bank s assets to
assist in the evaluation of technology risk. Provide advice on how
to meet technology focused regulatory obligations and assess the
impact of proposed regulations through the evaluation of regulatory
developments as well as implementation of required controls.
Collaborate with IT to perform Maturity Assessments for the Bank s
technology risk drivers (e.g., Information Security, IT Strategy,
Project Management, etc.) and identify improvement opportunities.
Investigate and evaluate technology related operational incidents.
This includes assessing the breakdowns and identifying
opportunities for internal control improvement. Build and analyze
the IT Risk Register, Controls Inventory, and Response Register.
Work on special and or ad-hoc projects as assigned via the
Technology Risk Working Group of the Operational Risk Committee
(e.g., Governance standards on Asset Management, etc.).
Keywords: Comrise, Jersey City , Senior Information Security Analyst, IT / Software / Systems , Jersey City, New Jersey
Didn't find what you're looking for? Search again!