Job Qualifications
The ideal candidate should have the following qualifications:
· Bachelor of Science in Computer Science/Engineering or equivalent work experience and certifications
· Three to five years of experience working as a security analyst performing:
Security Assessments
o Application Security Assessments, Supplier Reviews (Information Security and Business Continuity adequacy), and General Controls Assessments
Security Service Delivery Review/Approval
o Firewall Policy Changes, Internet Access, Secure Data Transfer, Workstation Administrative Rights and Windows File Share Lockdowns
Incident Management
o Response and active management of information security incidents
Vulnerability Management
o Vulnerability identification & analysis via research, internal technology owner interviews, identification of insecure configurations and the use of vulnerability scanning tools. Participation in an Enterprise level Security Patch Management Program
Suspicious Activity Monitoring
Intrusion Detection/Prevention and Data Loss Prevention
· Working knowledge of common security tools and concepts such as anti-virus, proxies (e.g. web and file transfer), endpoint management, encryption (at rest/in-motion), L3/L7 firewalls, patch management/software deployment.
· Knowledge of generally accepted Information Security controls (e.g. ISO 27001/27002)
· Technical knowledge of Information Technology systems and the ability to analyze them for vulnerabilities:
TCP/IP (IP addressing and commonly used port assignments)
Windows/UNIX/Linux Operating Systems
Client-Server applications
Web based applications
Remote Access technologies
Mobile devices
· Strong analytical skills to determine the key pieces of information required to make informed decisions. The ability to utilize data analysis tools such as MS Excel (e.g. pivot tables, etc.)
· Strong verbal and written communication skills. Ability to adjust communication style/content to interact with IT and business professionals.
· Knowledge of law and regulations surrounding the financial services sector is a plus
· Knowledge of Business Continuity and Disaster Recovery is a plus
· Information Security certification a plus: CISSP, CISM, SANS, etc.
Job Description
This position is part of a team that provides security services and information risk management support for our global offices. Specifically, this team acts as a control group to ensure that security operations procedures are performed and all risks are mitigated or remediated. Responsibilities of this position include, but are not limited to:
· Security Assessments– review applications, business processes and suppliers for adequacy of security controls.
· Disposition daily requests from the business that require security review such as firewall access, remote access, external file transfer, local administrative access to workstations, etc.
· Vulnerability Management – review current environment for vulnerability exposure and emerging threats. Participation in the Patch Management Program to identify new patches, rate patch severity, manage monthly meetings, produce metrics, and follow up with responsible parties.
· Incident Management – Manage the investigation, containment, and response to information security incidents (e.g. Intrusion Detection System, etc.)
· Suspicious Activity Monitoring – Monitor and investigate potential Information Security breaches from various security systems (e.g. IDS, anti-virus, DLP, logs, etc.). Investigation of repeat logon failures to UNIX/Linux systems.
· Provide guidance as needed to IT and Business partners to ensure secure implementation of processes, systems and services.
· Produce metrics of the firm's security systems and departmental processes
· Project based work as necessary. Introduction or enhancement of security controls.
You received this message because you are subscribed to the Google Groups "ALL JOBS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jobs-room+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment