Senior Cyber Security Specialist

Position:          Senior Cyber Security Specialist

Locations:       NYC, NY

Duration:          3 mos (with very likely extensions)

Rate:                Open

Interview:         Phone + F2F or Direct F2F

Purpose of Position:

Works closely with the CISO to manage security policies, evaluate new security solutions. The position requires a deep understanding of security products such as SIEM products, Firewalls, VPNs, intrusion prevention, web proxies, vulnerability management and email filtering, and a working knowledge of standard anti-virus and advance anti-malware technologies.

Essential Job Functions:

• Provide thorough knowledge and understanding in: computer networks, cloud and mobile devices, application architectures, databases and security products.
• Create and review security metrics with the CISO to measure security effectiveness of the Bank's security program.
• Engage with IT to ensure non-compliant items are addressed in timely matter.
• Work with the relevant internal IT Infrastructure, Help Desk Support and Development teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
• Ensure that the IT systems are compliant with applicable regulations, policies, and industry guidance such as SANS Top 20, OWASP Top 10, ISO 27001, NIST 800-53 and CIS Security Benchmarks. Where gaps are identified, assist in planning and implementation of controls.
• Review security event log data and investigate anomalies.
• Perform testing to evaluate new products system security controls.
• Manage security related events and tracking of remediation process.
• Respond to, and where appropriate, resolve or escalate reported security incidents.
• Participate in IT projects and champion Information Security throughout the organization.
• Design, implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
• Design, manage, and troubleshoot security monitoring agents on information systems.
• Design, manage, support, report and track the Vulnerability and Penetration Management program.
• Develop security guidelines for technology solutions for e.g.: NAC (Network access controls platforms, Data Loss Prevention (DLP), Endpoint Security platforms, etc.
• Support and manage Cyber resiliency program in order to assess critical business processes against the known cyber threats and vulnerabilities.
• Manage formal risk assessments for Information and Cyber security processes within the Bank.
• Conduct information security risk assessments for the Third-party vendor risk processes.
• Strong fluency in using communication tools (Excel, PowerPoint, Visio, Word) to develop storyboards for frequent reporting purposes.

Knowledge, Skills and Experience Requirements:

• Bachelor's degree in Computer Science or related discipline or equivalent work experience
• Minimum 8 years in Information Technology with 3 years of Information and Cybersecurity relevant experience
• Strong knowledge of Information Security concepts including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
• Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control.
• Build and maintain collaborative relationships with partners, clients and peers.
• Ability to communicate effectively at different levels of the organization, and with various technical and business audiences.
• Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details.
• Results oriented, is able to achieve desired outcomes independently and at appropriate priority levels
• Knowledge of relevant financial industry regulations and standards, with an emphasis on information security and privacy requirements surrounding GLBA, SOX, FDIC, FFIEC, NYSDFS, ISO27001, and NIST is a must
• Highly motivated, energetic, detail-oriented with ability to multi-task effectively
• Ability to complete projects and perform daily tasks with minimal supervision
• Excellent oral, written, and presentation skills
• Ability to set and meet deadlines
• Strong interpersonal skills

Technical Skills:

• Expert level knowledge of Network and Security Architectures
• Good understanding of security constructs like encryption, DLP, Anti-Malware, IAM, mobile technologies, networking protocols and infrastructures design
• Direct experience with network and security technologies including switches, routers, firewalls, proxies, certificate authorities, cloud access security brokers, network access control, identity and access management technologies, etc.
• Knowledge of Cloud deployment models and associated security risks.
• Security monitoring tools (SIEM, auditing and log collection tools, network IDS/IPS, malware detection)
• Data analysis including normalization and anomaly recognition
• Encryption technologies and PKI infrastructure
• Networking technologies (TCP/IP/etc.) and protocols (SSL, SSH, LDAP, SMTP, DNS, etc.)
• Unix, Linux, and Windows Operating Systems and Microsoft Active Directory