Let’s be #BrilliantTogether
Overview
This role is responsible for supporting the information security agenda for ISS. The role’s primary focus is protecting the Firm’s information security interests, leveraging ISS’ security tools and applications with a secondary focus on Information Security audit and compliance. As part of the Information Security Office, this role will work closely with technology functions to identify areas of improvement and supporting initiatives to promote information security within the organization.
Responsibilities
Gain/leverage familiarization with, and perform administration for, ISS’ Security Tools and Technologies such as:
Intrusion Prevention Systems – Both Network and Host-based
Internet protection and filtering
Email Protection
Endpoint anti-malware and protection
Security Information and Event Manager
Endpoint/Extended detection and response
Security Reporting and Metrics
Operational Activities
Administer SPAM protection utilities contained within the Email Gateway; configure sender and domain blacklists, maintain tracking for all reported emails.
Administer Web Gateway (Internet protection); manage whitelist modifications, reporting and metrics.
Coordinate and perform reporting and monitoring functions on the Security Information and Event Manager (SIEM) in place within the ISS enterprise.
Create security baselines for workstation, desktops, network devices and database technologies. Audit assets for adherence with the documented baselines.
Monitor security vulnerability repositories and relevant security news websites for relevant bugs and news items.
Coordinate appropriate evaluations of the local business continuity plans from a security and compliance perspective.
Monitor physical security alerts; responding and escalating as appropriate.
Monitor CCTV alerts; responding and escalating as appropriate.
Security audit and compliance
Assisting with the monitoring, maintaining and measuring of compliance with industry standards, certifications and internal controls.
Operational activities including coordinating, reporting, and monitoring functions using ISS security tools and technologies as needed.
Help maintain documentation of work processes and institutional knowledge in a centralized, web-based database.
Flexible working hours: Ability to adapt working hours to accommodate global client ecosystem as required.
Other duties as assigned to improve security posture within the Firm.
Qualifications
Good and relevant IT degree(s).
Must have at least 7-10 years of relevant Information Security/Cybersecurity experience including establishing and monitoring information security controls.
Must have CompTIA+ certification.
Certification(s) such as CISSP, CISA, CISM, Cloud+, CASP+.
Experience with Trellix, SkyHigh & Microsoft security tools.
Required to have knowledge of ISO 27001, SOC, SSAE or other compliance standards.
Desired Skills
Excellent verbal and written communication skills. Must be able to interact and coordinate work efficiently and effectively with clients and ISS personnel in locations around the globe.
Proven, strong Technical Writing capability – be prepared to provide and/or discuss samples.
Strong administrative skills, with effectiveness in developing tasks and managing time and resources to achieve target dates.
Must be a productive (and/or proactive) team player.
Strong general computer skills (Microsoft Word, Excel, PowerPoint, Outlook, etc.).
Fast learner, able to master new concepts, theories, ideas and processes with ease.
Have strong analytical, organizational, and decision-making skills.
Proven process-oriented skills.
Demonstrated troubleshooting, follow-through, and critical-thinking skills.
Have a high-level of risk intelligence and security awareness.
#MIDSENIOR
#INFOSEC
#LI-RG1
#LI-MJ1
What you can expect from us
Our people are the moving force behind ISS. We are dedicated to hiring the best, most talented people in our industry and empowering them with the resources and support to enhance their career, health, financial and personal well-being.
We are committed to fostering, cultivating, and preserving a culture of diversity and inclusion. We are invested in our people and are working every day to ensure a diverse, equitable, and inclusive workplace.
Let’s empower, collaborate, and inspire one another.
Let’s be #BrilliantTogether.
About ISS
ISS empowers investors and companies to build for long-term and sustainable growth by providing high-quality data, analytics, and insight. We are committed to positively impacting the environment and society through our market-leading solutions and leading by example.
Visit our website: https://www.issgovernance.com
View additional open roles: https://www.issgovernance.com/join-the-iss-team/
Institutional Shareholder Services (“ISS”) is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as “protected status”). All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements.