IT Security Analyst
Description
- The US Information Security Team is sourcing one (1) IT Security Analyst to assist with the completion of security Threat Risk Assessments (TRAs) for the US application technology landscape.
- An additional resource is necessary due to increased workload, competing regulatory projects, and the need to keep all BAU work and upcoming projects on track.
- We are seeking self-starters who can immediately contribute to the threat risk assessment process, security advisory services including support for regulatory requirements and projects.
- Conduct threat risk assessments on technology assets, specifically applications. Verify security controls, provide suggestion on compensating controls, and advise stakeholders on security best practices
- Work with third and fourth parties to capture data inputs to the assessments, including the review of testing reports and summaries
- Experience with architecture documentation – ability to recognize and identify risks based upon application design or implementation plan
- Review and evaluate responses to security assessments, collect and validate supporting evidence
- Review security and technical design documentation
- Understand compensating and mitigating controls
- Identify risks and understand their impact
- Clearly and intelligently communicate findings to stakeholders
- Provide guidance to stakeholders regarding risks and corresponding actions necessary to remediate said risks
- Prepare and report results to stakeholders and management
- Understand regulatory requirements and how they apply to the evaluation/assessment of tooling or solution
- Understand the financial regulations that legislate and impact technology and security controls
- Work closely with stakeholders, including application owners and business lines to ensure risk remediation or acceptance is addressed
- Conduct security risk assessments for 3rd and 4th party applications, components, services
- Understand cloud infrastructure and cloud security controls
- Work closely with third party relationship managers to define security expectations and hold vendor accountable for risk mitigation or remediation plans
- Collaborate with IT business partners and team leads
- IT Security Analyst or related cybersecurity background (2+ years of experience, but will consider recent university graduates with a degree in Cyber or Information Security)
- Recent experience working directly on Cyber Risk Assessments ( 2+ years, or 1 recent project)
- An understanding and experience with security controls/mechanisms and risk assessment techniques pertaining to complex data, application, infrastructure and networking environments proven through recent experience or last project
- Proficiency in MS Office with extended knowledge in MS Excel ed) – 3+ years
- CISA OR CISSP Certification
- Recent relevant Financial Industry Experience
- Extensive knowledge of Financial regulations and regulatory requirements (NYDFS, FIECC, Client, Treasury, CFTC, etc.)
- Experience with vulnerability management tools such as Tripwire or Tenable
- Ability to read and interpret vulnerability, host audit/configuration and code scanning (DAST/SAST) reports and
- Bachelors/ Masters degree in cyber security, computer science, or related IT field
-
Seniority level
Entry level -
Employment type
Full-time -
Job function
Information Technology -
Industries
IT Services and IT Consulting
Referrals increase your chances of interviewing at LanceSoft, Inc. by 2x
See who you knowGet notified about new Information Technology Security Analyst jobs in Toronto, Ontario, Canada.
Sign in to create job alertSimilar Searches
Looking for a job?
Visit the Career Advice Hub to see tips on interviewing and resume writing.
View Career Advice Hub