Candidate will have 5+ years IT experience performing security assessments of both internally developed and hosted systems, as well as third party vendor hosted and supported systems. The security analyst will provide infrastructure and security related scorecards and status reports to senior management. The position will also be responsible for various infrastructure and security related compliance issues, including desktop and server settings and patch management.
Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired. Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
SKILLS/EXPERIENCE REQUIRED: :
Technical writing and executive communication skills and the ability to interact with senior IT leaders.
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, GLBA, PCI, FFIEC guidelines.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Analytical skills to analyze regulatory requirements and relate them to appropriate IT controls.
Experience in IT risk management processes and applicable IT process/risk/control frameworks (ITIL, COBIT, ISO 27001, etc.)
Project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
Experience in system technology security testing (vulnerability scanning and penetration testing).
Understanding of the threat and risk landscape globally and across the financial services industry
Understanding of the IT risks inherent to a global financial services organization