Typical Day in the Role:
– Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices
– Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
– Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
– Review and evaluate responses to security assessments, collect and validate supporting evidence
-Review security and technical design documentation
-Understand compensating and mitigating controls
– Identify risks and understand their impact
– Clearly and intelligently communicate findings to stakeholders
-Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
-Prepare and report results to stakeholders and management
-Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution
– Understand financial regulations that legislate and impact technology and security controls
– Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
– Conduct security risk assessments for 3rd and 4th party applications, components, services
-Understand cloud infrastructure and cloud security controls
-Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans
-Collaborate with IT business partners and team leads
Must Have Skills/Requirements:
1. IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
2. Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project)
3. An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
4. Proficiency in MS Office with extended knowledge in MS Excel ed) – 3+ years
Nice to have Skills:
– CISA OR CISSP Certification
– Recent relevant Financial Industry Experience
– Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Federal Reserve, Treasury, CFTC, etc.)
-Experience with vulnerability management tools such as Tripwire or Tenable
-Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports
Soft Skills:
– Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors
– Comfortable putting together and presenting risk assessments to a wide range of individuals
– Candidate must have a natural curiosity and the ability to assess each situation separately
– Fast, adaptable learner who can hit the ground running
-Strong organizational skills
– Ability to manage assigned tasks and expectations without direct instruction or oversight
– Ability to work well under pressure while demonstrating strong professionalism
– Must be able to collaborate closely with teams and independently
-Must be accountable to meet individual deadlines without hand holding
Education : – Bachelors/ Masters degree in cyber security, computer science, or related IT field