Job Description :
Provide thorough knowledge and understanding in: computer networks, cloud and mobile devices, application architectures, databases and security products.
Create and review security metrics with the CISO to measure security effectiveness of the Bank''s security program.
Engage with IT to ensure non-compliant items are addressed in timely matter.
Work with the relevant internal IT Infrastructure, Help Desk Support and Development teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
Ensure that the IT systems are compliant with applicable regulations, policies, and industry guidance such as SANS Top 20, OWASP Top 10, ISO 27001, NIST 800-53 and CIS Security Benchmarks. Where gaps are identified, assist in planning and implementation of controls.
Review security event log data and investigate anomalies.
Perform testing to evaluate new products system security controls.
Manage security related events and tracking of remediation process.
Respond to, and where appropriate, resolve or escalate reported security incidents.
Participate in IT projects and champion Information Security throughout the organization.
Design, implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
Design, manage, and troubleshoot security monitoring agents on information systems.
Design, manage, support, report and track the Vulnerability and Penetration Management program.
Develop security guidelines for technology solutions for e.g.: NAC (Network access controls platforms, Data Loss Prevention (DLP), Endpoint Security platforms, etc.
Support and manage Cyber resiliency program in order to assess critical business processes against the known cyber threats and vulnerabilities.
Manage formal risk assessments for Information and Cyber security processes within the Bank.
Conduct information security risk assessments for the Third-party vendor risk processes.
Strong fluency in using communication tools (Excel, PowerPoint, Visio, Word) to develop storyboards for frequent reporting purposes.
Knowledge, Skills and Experience Requirements:
Bachelor''s degree in Computer Science or related discipline or equivalent work experience
Minimum 8 years in Information Technology with 3 years of Information and Cybersecurity relevant experience
Strong knowledge of Information Security concepts including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control.
Build and maintain collaborative relationships with partners, clients and peers.
Ability to communicate effectively at different levels of the organization, and with various technical and business audiences.
Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details.
Results oriented, is able to achieve desired outcomes independently and at appropriate priority levels
Knowledge of relevant financial industry regulations and standards, with an emphasis on information security and privacy requirements surrounding GLBA, SOX, FDIC, FFIEC, NYSDFS, ISO27001, and NIST is a must
Highly motivated, energetic, detail-oriented with ability to multi-task effectively
Ability to complete projects and perform daily tasks with minimal supervision
Excellent oral, written, and presentation skills
Ability to set and meet deadlines
Strong interpersonal skills
Technical Skills:
Expert level knowledge of Network and Security Architectures
Good understanding of security constructs like encryption, DLP, Anti-Malware, IAM, mobile technologies, networking protocols and infrastructures design
Direct experience with network and security technologies including switches, routers, firewalls, proxies, certificate authorities, cloud access security brokers, network access control, identity and access management technologies, etc.
Knowledge of Cloud deployment models and associated security risks.
Security monitoring tools (SIEM, auditing and log collection tools, network IDS/IPS, malware detection)
Data analysis including normalization and anomaly recognition
Encryption technologies and PKI infrastructure
Networking technologies (TCP/IP/etc and protocols (SSL, SSH, LDAP, SMTP, DNS, etc
Unix, Linux, and Windows Operating Systems and Microsoft Active Directory