The Information Security & IT Risk Engineer will be responsible for ensuring that IT security systems are configured, deployed, and maintained in accordance with polices and standards. This position requires participation in technical research and development to enable continuing innovation for security and IT risk management. The candidate will be responsible for monitoring regular vulnerability scanning and penetration testing, and will participate in incident response and investigations.
Focus on cybersecurity solutions and ways to protect the firm from virus and malware vulnerabilities
Develop and maintain IT Risk log analysis solutions, including data collection and aggregations, data normalization, and reporting.
Review and analysis of long-term comprehensive security data from a wide variety of sources.
Assist with project management and will be responsible for the devel opment and management of ongoing Information Security and Corporate Governance training programs. They will develop and maintain a secure forum for all Information Security related activities.
Responsible for following established guidelines and identifying and resolving problems.
Contribute to work flow or process change and redesign, and to form a strong basic understanding of the specific product or process; May also be accountable for regular reporting or process administration as owner.
Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
Ensure that the IT systems are compliant with applicable regulations, group policies, codes and industry guidance, e.g. performing gap analyses between standards such as SANS Top 20, NIST 800-53, ISO 27001, and the Information Security Framework.
Where gaps are identified, assist in implementation of controls.
Collate and quality assure data provided to other departments such as Risk Management and Internal Audit.
Review security event log data and investigate anomalies.
Perform monitoring activities and risk assessments.
Respond to, and where appropriate, resolve or escalate reported security incidents.
Management of security related events and tracking of remediation process.
Implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
Strong expertise with the following technologies and solutions at a minimum:
- Cybersecurity solutions and protection
- Identity and Access Management
- Endpoint Security
- Privileged Management
- IT Risk Assessments
- IT Risk and Security Training
- Next Generation Firewalls
- Next Generation End Point Detection
- Vulnerability Scanning
- Threat Hunting
- Web and Email Security
- System vulnerability tools
- Security monitoring tools
- Application security risk assessment tools
Performing gap analyses within different environments coupled with an in depth understanding of regulatory guidelines as well as standards and best practices related to ISO and NIST.
Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation.
Strong ability to recognize and remediate issues within the internal infrastructure.
Ability to communicate information security concepts across a broad range of technical & non-technical staff.
Good influencing, relationship and stakeholder management skill
One of the following certifications is a plus - SSCP, CISM, CISA, or CISSP.
Weekend and night work may be needed at times based on project, support, and business needs.