Location: 150 King St W can be 100% remote
Contract Duration: Through end of December 2024 with potential for conversion to FTE after 6 months
Schedule Hours: 8 hrs
Candidate Value Proposition
In addition to gaining experience with a top global bank, successful candidate(s) with outstanding performance and skills will have the opportunity to be converted to full time employment, assuming the budget allows.
Typical Day In The Role
- Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices
- Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
- Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
- Review and evaluate responses to security assessments, collect and validate supporting evidence
- Review security and technical design documentation
- Understand compensating and mitigating controls
- Identify risks and understand their impact
- Clearly and intelligently communicate findings to stakeholders
- Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
- Prepare and report results to stakeholders and management
- Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution
- Understand the financial regulations that legislate and impact technology and security controls
- Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
- Conduct security risk assessments for 3rd and 4th party applications, components, services
- -Understand cloud infrastructure and cloud security controls
- Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans
- Collaborate with IT business partners and team leads
Must Have Skills/Requirements
- IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
- Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project)
- Experienced with GCP or related Cloud Platforms
- Prior knowledge of security engineering/architecture
- Proficiency in MS Office with extended knowledge in MS Excel – 3+ years
Nice To Have Skills
- CISA OR CISSP Certification
- An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
- Recent relevant Financial Industry Experience
- Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Client, Treasury, CFTC, etc.)
- Experience with vulnerability management tools such as Tripwire or Tenable
- Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports and
Soft Skills
- Excellent grammar and communications skills to coordinate with senior leadership (Director, VP level and up), as well as C-Suite of some of the third party vendors
- Comfortable putting together and presenting risk assessments to a wide range of individuals
- Candidate must have a natural curiosity and the ability to assess each situation separately
- Fast, adaptable learner who can hit the ground running
- Strong organizational skills
- Ability to manage assigned tasks and expectations without direct instruction or oversight
- Ability to work well under pressure while demonstrating strong professionalism
- Must be able to collaborate closely with teams and independently
- Must be accountable to meet individual deadlines without hand holding
Education : -Bachelors/ Masters degree in cyber security, computer science, or related IT field