Global bank is NYC is seeking an Information Security Officer to join their ISO department. Strong knowledge of Information Security within the banking or financial services industry is preferred.
Information Security Officer Responsibilities:
- Implement and develop the information security standards, procedures, guidelines and objectives
- Successfully engage with management of the lines of business to understand new initiatives, providing information on the inherent information security risk of these activities, and outlining ways to mitigate the risks
- Ability to work with management of the lines of business, to understand the flow of information, the risks to that information, and the best ways to protect the information
- Manage the process or be responsible for defining, assessing and mandating information security requirements for Third Party’s processing, accessing, transmitting, or storing the banks non-public data
- Inform the ISTC, management, and staff of information security and cybersecurity risks and the role of staff in protecting information
- Champion security awareness and training programs
- Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats
- Report significant security events to the ISC and senior management as appropriate
- Review system access rights by user and verify that accounts contain access rights related to job functions and responsibilities
- Monitor and detect any violation of the bank’s security
- Develop and implement an Incident Reporting and Response System to address security and incidents (breaches), respond to alleged policy violations, or complaints from external parties
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing and scanning
- Responsible for authorization of user accounts for operating/application systems, ID badge management, and annual user entitlement review
- Assisting to compile various reports as required by Management
- Undertake any other relevant duties assigned by the Department Head from time to time
Qualys (vulnerability Management)
- Using of Qualys vulnerability scanner tool to collaborate on and provide vulnerability management results and metrics for consistent reporting for governance purposes; collaborate and coordinate remediation plans and activities
- Facilitate and coordinate vulnerability assessment and scanning, reviews of assessment results, patching, and remediation activities related to workstations, servers, storage, databases, appliances, web applications and network devices
- Analyze assessment results and threat feeds to properly react to security weaknesses or vulnerabilities
- Maintain configuration control of Vulnerability Management hardware, systems, and application software, Coordinate upgrades and other maintenance activities on VM tools
- Provide status reports to CISO Vulnerability Management metrics, key risk indicators, trending, and compliance reports to the CISO
Splunk – Security information and event management (SIEM)
- Manage and maintain log aggregation and Security information and event management (SIEM) using Splunk, technologies to ensure all systems and applications are accurately logging and examined for signs of abuse or IOCs
- Research open-source intelligence sources for additional IOCs to integrate into SIEM technologies
- Investigate potential security incidents and serve as initial incident responders
- Create dashboards and custom queries to search for suspicious activity or research known incidents
- Maintain Monitoring and Incident Response policies, procedures and documentation of investigations
- Manage internal communications and escalations for any ongoing investigations
Symantec / Gmail – Data Loss Prevention (DLP)
- Day to day management and monitoring of Data Loss Prevention solution using Symantec DLP and Gmail DLP
- Stabilize and optimize DLP system performance, including rules and reports
- Assist with DLP component upgrades, installs, testing and configuration
- Conducts technical security reviews and assessments of current data handling practices
- Monitors and tracks remediation activities to address weaknesses and issues discovered through security reviews
- Provides periodic reporting including assessment findings and recommendations for improvement
- Assist in the hands-on implementation of multiple DLP solutions
- Stabilize and optimize DLP system performance, including rules and reports
- Provide single point of contact and hands-on escalation and remediation for critical issues
- Provide regular status reports for critical incidents, projects and proactive services
Threat Intelligence Analysis
- Performing cyber intelligence collection and analysis
- Consume and evaluate threat Intelligence to understand the evolving threat landscape, and possible areas of concern/targeting that could potentially impact to our environment
- Respond to requests for ad-hoc reporting and research topics from management as required
- Proactively hunt for currently undetected abuse by leveraging internal data, open-source intelligence and third party private intelligence
Additional Tasks
- Suspicious Email Investigation
- Internal Penetrating Testing
- Application Security Testing
- Leverages Symantec Bluecoat (Web content filtering), to protect network security
- Utilized Symantec Endpoint Protect, Carbon Black EDR, and office Scan TrendMicro to protect company data
- Conducting third party risk assessment
- Perform IS third party onboarding and termination
Information Security Officer Requirements:
- Bachelor’s degree; Advanced degree or IT background is preferred
- 5+ years relevant experience
- Strong knowledge of computer-based risk management systems relevant to the types of business activities to be conducted by the Branch
- Strong knowledge of information security related topics such as FFIEC, NYS DFS, ISO 270XX and etc.
- Financial industry experience is plus
Salary range: $100,000-$160,000, based on experience. Bonus eligible
SUBMIT YOUR RESUME0 Likes