IT Security analyst

Story Behind the Need: Business Group: The US Information Security Team is sourcing one (1) IT Security Analyst to assist with the completion of security Threat Risk Assessments (TRAs) for the US application technology landscape. An additional resource is necessary due to increased workload, competing regulatory projects, and the need to keep all BAU work and upcoming projects on track. We are seeking self-starters who can immediately contribute to the threat risk assessment process, security advisory services including support for regulatory requirements and projects. Candidate Value Proposition: In addition to gaining experience with a top global bank, successful candidate(s) with outstanding performance and skills will have the opportunity to be converted to full time employment, assuming the budget allows. Typical Day in the Role: - Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices - Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries - Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan - Review and evaluate responses to security assessments, collect and validate supporting evidence -Review security and technical design documentation -Understand compensating and mitigating controls - Identify risks and understand their impact - Clearly and intelligently communicate findings to stakeholders -Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks -Prepare and report results to stakeholders and management -Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution -Understand the financial regulations that legislate and impact technology and security controls - Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed - Conduct security risk assessments for 3rd and 4th party applications, components, services -Understand cloud infrastructure and cloud security controls -Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans -Collaborate with IT business partners and team leads Must Have Skills/Requirements: 1. IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security) 2. Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project) 3. Experienced with GCP or related Cloud Platforms 4. Prior knowledge of security engineering/architecture 5. Proficiency in MS Office with extended knowledge in MS Excel – 3+ years Nice to have Skills: - CISA OR CISSP Certification - An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project - Recent relevant Financial Industry Experience - Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Federal Reserve, Treasury, CFTC, etc.) -Experience with vulnerability management tools such as Tripwire or Tenable -Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports and Soft Skills: - Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors - Comfortable putting together and presenting risk assessments to a wide range of individuals - Candidate must have a natural curiosity and the ability to assess each situation separately - Fast, adaptable learner who can hit the ground running -Strong organizational skills - Ability to manage assigned tasks and expectations without direct instruction or oversight - Ability to work well under pressure while demonstrating strong professionalism - Must be able to collaborate closely with teams and independently -Must be accountable to meet individual deadlines without hand holding Education : -Bachelors/ Masters degree in cyber security, computer science, or related IT field Interview Process: 1-step process – Panel Video Interview with Sr. Manager (hiring manager) and 3 other team members -Interviews to take place ASAP Job 70766