Job Details

Info Sec Audit and Risk Officer

SANDY-84090, UT, US
08/22/2020



Required Skills

security compliance frameworks
Company

Infinity Consulting Solutions, Inc

Experience

3 to 5 Year(s)

Job Description

Info Sec Audit and Risk Officer

SUMMARY

The Info Sec Manager is responsible for planning and implementing security measures to protect computer systems, networks and data.

This role is expected to stay up to date on the latest intelligence, including attackers' methodologies, in order to anticipate security breaches and help act upon them.

This role will also proactively plan for Business Continuity in the event of a disaster and conduct regular Disaster Recovery tests to ensure compliance with legal, compliance, risk, regulatory and audit requirements.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Proactively monitor, identify, and analyze security risks to determine their impact on and relevance to the bank and accordingly plan to mitigate/ address those risks

Create and maintain a strategic roadmap of all Security enhancements needed for the bank to be in alignment with the NIST framework

Conduct research, analyze data, reach conclusions, provide options, weigh pros/ cons of options and make recommendations with any associated risks

Implement CyberSecurity tools such as firewalls, IDS/IPS, SIEM monitoring, etc.

Evaluate related vendors and form strong working partnerships (both with vendors and internal stakeholders/ team members)

Conduct Social Engineering tests and prepare reports

Partner closely with other IT leaders and team members to support an environment which is safe for our customers' and company's non-public data

In the event of a CyberSecurity breach, take charge and help lead the Incident Response plan per IR policy

Make compelling CyberSecurity presentations at the IT Steering Committee and at other leadership meetings

Partner with Vendor Management, Legal, Compliance, HR and all other internal departments as needed

Help conduct CyberSecurity tests (such as Penetration test, DR test) and help assess the overall CyberSecurity posture of the bank on a regular basis

Train other team members on CyberSecurity tasks/ activities/ processes as needed

Assess validity and capability of risks and triage based on solid prioritization skills

Stay up to speed on the latest threats, risks, vulnerabilities as related to the bank and help act on the same

Synthesize data and findings with general trend research to provide threat/risk context for stakeholders

Research, quantify, categorize and communicate assessments of a variety of risks affecting the bank, including but not limited to: 1) physical security and safety; 2) economic and business risk; 3) risk associated with cyber-related and information security threats

Draft and disseminate professionally written products to internal and external stakeholders

Maintain and Update Bank's Business Continuity/ DR Plan and related policies and procedures

Update and maintain all relevant Security policies and procedures

Support Internal and External Audits by providing any artifacts, data or activities needed for the same

Coordinate and document the bank's Business Continuity Plan testing process and tracking of any follow-up action items and documentation updates as required

Maintain, perform and update the bank's Cyber Security and IT Risk Assessment process and reporting to include tracking and management of any follow-up action items or process updates as required

Communicate effectively and tactfully with diverse groups of individuals at all levels of the company

MINIMUM QUALIFICATIONS

Bachelor's degree in Computer Science or Information Systems, or 3-7 years equivalent experience, is desired.

3-5 years of experience in an information security role, preferably with a financial services company or bank.

Understanding of FFIEC Data Security Standards and information security frameworks such as NIST.

Experience in performing information security risk assessments

Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls.

Strong understanding of most of the following common security compliance frameworks, controls, and best practices: SSAE 16 (SOC 2 and 3), OWASP Top 10, SANS Critical Security Controls, NIST, and regulations governing personally identifiable information (PII).

In-depth understanding of network and system security technology and practices across all major computing areas.

Experience creating and updating relevant security policies and risk assessment documentation.


Risk Analyst
Information Technology

FullTime Job

Candidate Requirements

Bachelor's degree

Walkin Information

8/18/2020

Recruiter Details
Doug Klares
1350 Broadway, Suite 2205, NEW YORK-10018, NY