Information Security Analyst III (2506)
Posted: 3 months ago
Title : Information Security Analyst III (2506)
Location : NYC, NY
Duration : 8 months
Interview Type : Phone + Onsite interview
PN: Please source local candidates only as there will be an onsite interview and the client will not reimburse travel expense.
New York Client Bank is part of Client System that implements monetary policy, supervises and regulates financial institutions and helps maintain the nation's payment systems. Information Security New York (ISNY) is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank.
- Provide information security subject matter expertise and consultations to business areas.
- Perform cyber cloud security testing and assessments that assess the security posture of information system boundaries.
- Contextualize findings generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
- Write technical reports based on assessment activities and results.
- Assist in cyber security assessments program development, execution and maintenance.
- Perform security risk assessments using FedRAMP for the Cloud a plus.
- Experienced in conducting technical assessments on SaaS, IaaS, and PaaS solutions.
- Strong knowledge of secure software development life cycle (SSDLC), microservices architecture, application containerization, DevSecOps, and experienced in security testing tools/methods such as SAST, IAST, and RASP.
- Strong understanding of industry standard information security control frameworks, particularly with respect to Cloud assessments.
- Demonstrate experience in the area of risk and controls across various IT platforms including web, Cloud, applications, database, operating systems, infrastructure, and network security.
- Ability to understand and clearly articulate complex technology risks or control deficiencies to technical and non-technical business representatives, and translate them into business risks. Be able to recommend security solutions and remediation.
- Ability to manage multiple complex projects and tasks simultaneously, and prioritize risk assessments and complete them within defined time frames.
- Exceptional communication, analytical, critical thinking and decision making skills.
- Must be organized, self-motivated, and able to work independently with minimal supervision.
- Experience in conducting vulnerability analysis including penetration testing, threat modeling, secure code reviews, and red teaming is a plus.
- Strong knowledge of information security landscape, security solutions, and current and emerging security threats.
- Candidate must have a minimum of 5 years of experience in an information security role.
- Relevant industry accepted security certifications (AWS, CISSP, CISA, CRISC, SANS, etc.) a plus.