Job Description:
Sr Security Analyst - Awareness

Jersey City, NJ

Contract to hire



Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of business objectives and in conformity with policies. The Vulnerability and Threat Management Team is a core function of SRM and is primarily responsible for ensuring that IT systems are engineered and designed in a secure manner. The Vulnerability and Threat Management (VTM) Team is a core function of SRM and is tasked with continually improving the security posture through the analysis of vulnerability and threat data, responding appropriately to the results of such analysis, providing security-related guidance, developing security policies and evangelizing security matters throughout the company. The Security Business Practices Analyst will be focused on the governance, risk and compliance (GRC) aspects of VTM and is primarily responsible for managing the security awareness program as well as policy and exception management processes. The Security Business Practices Analyst will also assist with the management of the corporate enterprise governance, risk and compliance (GRC) platform.

Well qualified candidates for this position will demonstrate the following key traits:
1. Ability to communicate effectively with a variety of internal stakeholders including C-level
2. Ability to partner with and influence peers to ensure security requirements are understood and met
3. Interest in financial services, trading platform processes and technologies, and corporate security

Well qualified candidates will also demonstrate expertise in the following technical areas:
1. Strong writing, organizational, analytical and communications skills
2. Experience with project management or managing a workflow
3. Familiarity with Information Security frameworks and standards (e.g., CIS, NIST, ITIL)

Main Accountability 1: Policy and Exception Management
Examples:
Oversee and track the progression of security policy exceptions and website exceptions in Archer
Assign risk level to Security Policy Exceptions based on likelihood and impact.
Consult with Vulnerability Threat Management, vendor assessments, Software Security Assessment, and Architecture teams to analyze and collect risk data from existing vulnerability, vendor management, project, threat management, and application related processes
Explain the risk related to the organization as well as recommend options to reduce the risk to an acceptable level
Manage workflow in Archer
Develop and deploy new policies and standards and process policy/standard change requests
Create and distribute risk reports relating to exceptions on a weekly basis to Senior Manager and Director outlining the risks introduced based on new exception requests
Create reports relating to SLA performance
Provide reports to the CISO on the areas of policy risk based on categories, and exception type
Perform quarterly ICAP testing

Main Accountability 2: Security Awareness Program
Examples:
Develop annual computer-based security awareness training
Develop and launch communications
Develop and deploy promotion materials
Perform on-going associate training and awareness

Main Accountability 3: Support Team and Influence Key Stakeholders
Examples:
Ability to positively influence the behavior of peers and build relationships with other teams without direct authority over those teams
Assess current practices and identify relevant policies to ensure state-of-the-art development practices as they relate to security


B.A./B.S. degree in related discipline
Minimum of 2 years of experience involving writing, process management, communication, or training
Experience in Information Technology or Security preferred
Ability to perform problem solving in a complex demanding environment
Must be resourceful, creative, innovative, results driven, and adaptable
Solid problem solving and analytical skills
Competent designer of mixed-technology solutions
Ability to perform in a fast-paced multidisciplinary environment
List licensures, certifications, or other designations required (i.e., Series 7, Series 63, CPA, PM, MCSE, etc.)
Information Security and control certifications preferred (CISSP, CISM, Security Plus, etc.)

Interview Process (Phone, In-Person, Both):

Phone and In Person

Other Comments to Suppliers:

CTH - No Sponsorship Provided
Local candidates preferred
We can staff this position in Omaha or New Jersey - the preference is Omaha

Candidates MUST have EXCELLENT communication skills - they will be spending a majority of their time on the phone. They must be able to speak clearly.
Experience with Archer is highly preferred
Experience in Financial Services is highly preferred
Experience in a regulated field (if they do not have FS experience) is highly preferred
             
