Info Sec Audit and Risk Officer
SANDY-84090, UT, US
08/22/2020
-
Required Skills
security compliance frameworks
Company
Infinity Consulting Solutions, Inc
Experience
3 to 5 Year(s)
Job Description
Info Sec Audit and Risk Officer
SUMMARY
The Info Sec Manager is responsible for planning and implementing security measures to protect computer systems, networks and data.
This role is expected to stay up to date on the latest intelligence, including hackers' methodologies, in order to anticipate security breaches and help act on them.
This role will also proactively plan for Business Continuity in the event of a disaster and conduct regular Disaster Recovery tests to ensure compliance with legal, compliance, risk, regulatory and audit requirements.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Proactively monitor, identify, and analyze security risks to determine their impact on and relevance to the bank, and accordingly plan to mitigate or address those risks
Create and maintain a strategic roadmap of all Security enhancements needed for the bank to be in alignment with the NIST framework
Conduct research, analyze data, reach conclusions, provide options, weigh the pros and cons of each option and make recommendations with any associated risks
Implement CyberSecurity tools such as firewalls, IDS/IPS and SIEM monitoring
Evaluate related vendors and form strong working partnerships (both with vendors and internal stakeholders/ team members)
Conduct Social Engineering tests and prepare reports
Partner closely with other IT leaders and team members to support an environment which is safe for our customers' and company's non-public data
In the event of a CyberSecurity breach, take charge and help lead the Incident Response plan per IR policy
Make compelling CyberSecurity presentations at the IT Steering Committee and at other leadership meetings
Partner with Vendor Management, Legal, Compliance, HR and all other internal departments as needed
Help conduct CyberSecurity tests (such as penetration tests and DR tests) and help assess the overall CyberSecurity posture of the bank on a regular basis
Train other team members on CyberSecurity tasks, activities and processes as needed
Assess validity and capability of risks and triage based on solid prioritization skills
Stay up to speed on the latest threats, risks, vulnerabilities as related to the bank and help act on the same
Synthesize data and findings with general trend research to provide threat/risk context for stakeholders
Research, quantify, categorize and communicate assessments of a variety of risks affecting the bank, including but not limited to: 1) physical security and safety; 2) economic and business risk; 3) risk associated with cyber-related and information security threats
Draft and disseminate professionally written products to internal and external stakeholders
Maintain and update the bank's Business Continuity/DR Plan and related policies and procedures
Update and maintain all relevant Security policies and procedures
Support Internal and External Audits by providing any artifacts, data or activities needed for the same
Coordinate and document the bank's Business Continuity Plan testing process and tracking of any follow-up action items and documentation updates as required
Maintain, perform and update the bank's Cyber Security and IT Risk Assessment process and reporting to include tracking and management of any follow-up action items or process updates as required
Communicate effectively and tactfully with diverse groups of individuals at all levels of the company
MINIMUM QUALIFICATIONS
Bachelor's degree in Computer Science or Information Systems, or 3-7 years equivalent experience, is desired.
3-5 years of experience in an information security role, preferably with a financial services company or bank.
Understanding of FFIEC Data Security Standards and information security frameworks such as NIST.
Experience in performing information security risk assessments
Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls.
Strong understanding of most of the following common security compliance frameworks, controls, and best practices: SSAE 16 (SOC 2 and 3), OWASP Top 10, SANS, NIST, Critical Security Controls, and regulations governing personally identifiable information (PII).
In-depth understanding of network and system security technology and practices across all major computing areas.
Experience creating and updating relevant security policies and risk assessment documentation.
Risk Analyst
Information Technology
No Preference
FullTime Job
Other
1
Candidate Requirements
-
Bachelors
Walkin Information
-
8/18/2020
-
Recruiter Details
Doug Klares
1350 Broadway, Suite 2205,
NEW YORK-10018, NY
-