Fortune 500 FinTech giant seeking a seasoned Security Analyst to serve as a technical advisor across the enterprise, providing technical guidance on information security policies, procedures, technologies and compliance-related activities!
We are seeking a passionate Security Analyst to work with key stakeholders at multiple levels (both internally and externally) in order to identify and align business and Information Security objectives, discover pain points, provide recommendations, and recognize current and future security needs. This Security Analyst provides advice and oversight to ensure that business processes and procedures used to develop and implement new products meet security control requirements, as dictated by company policies.
What Part Will You Play?
- Collaborates with senior leadership to build mutually beneficial relationships.
- Demonstrates knowledge and understanding of information security across the company by identifying and engaging appropriate Infosec subject matter experts to mitigate risk.
- Performs assessments of high and medium risk level third party vendors, as well as software vendors, to identify security risks. Must have knowledge of application security best practices, including the most critical security risks to web applications.
- Supports vendor engagement legal contract reviews, ensuring appropriate infosec clauses are in place, and participates in associated quarterly business reviews of vendors as needed.
- Determines effectiveness of design and implementation of information security controls by leading internal security assessments, and identifies information security risk trends across the organization based on the outcome.
- Provides guidance on internal Infosec policies, procedures, and standards, and works as a liaison on system solution design.
- Performs analysis of security risks by interpreting data and other evidence in support of compensating controls or remediation to close such risks.
- Acts as the subject matter expert on information security matters, or acts as a liaison with appropriate subject matter experts when relevant.
- Researches and recommends improvements to existing processes (e.g., vendor assessments, information security assessments, or other information security programs).
- Researches and stays current on the latest information security and technology trends, best practices, and developments, and draws on industry knowledge to report on new and emerging threats that can affect the organization's information assets.
- Works with subject matter experts and management to develop a skill set for non-routine work.
- Leads the development of long term strategies for conducting information security risk assessments of internal and external controls.
Ideal candidates will have a mix of the following skills, experience, knowledge & industry standards:
- NIST 800-53 Controls (National Institute of Standards and Technology)
- PCI v3.2.1 (Payment Card Industry)
- FFIEC (Federal Financial Institutions Examination Council)
- ISO 27001 & 27003 (International Organization for Standardization)
- OWASP Top Ten
- SOX (Sarbanes-Oxley)
- GLBA (Gramm-Leach-Bliley Act)
- Archer, Auditboard, or other GRC tool
- CISSP or CISA