Information Security Analyst - W2

Required Skills

• Describe Project Background and Details? o Oversee risk issue – control structure, what are we going to do to fix it ? o Inherent risk of what the team is doing? o Need to understand GRC cyber controls ? IAM, vulnerability, info sec operations
• What are the Day to Day Responsibilities? o Oversee risk issue – control structure, what are we going to do to fix it ? o Inherent risk of what the team is doing? o Will work on Discoverable records, supporting Cyber – ? identify the problem – ? open it as open risk item, ? and evaluate o
• 3-5 Must Haves Skills & Technologies (Break down each skill or tech stack/ flexibility levels): o Need to understand and oversee GRC cyber controls ? IAM, vulnerability, info sec operations o Creating plan and major milestones and be able to document o Create presentations and present to SR Leadership/internal stakeholders
• Familiarity with ServiceNow in a control environment is a high preference
• o Exports from service now and manipulate data o Entering – familiar and using the tool
• Microsoft Suite – can use V look ups
• Jr., Mid, or Sr. level and how many years of experience on each skill? o SR – MID 5 – 8 years
• Drill down on how they will use the skill: Governance risk and compliance.
  
  

Job DescriptionSenior Specialist Info Sec Analyst

The Bank has established baseline standard for controls, including resolution of security vulnerabilities, which serve to minimize residual cyber risk. Utilizing a risk prioritized approach based upon industry standards (NIST Domains; Identify, Detect, Protect, Respond, and Recover,) the IS Cyber Problem Mgt team provides a cohesive global process for identification, notification, awareness, problem resolution, and mitigation of cybersecurity control breaks and vulnerabilities. Leveraging a framework built upon the principles of ITIL, ISD Cyber Problem Mgt helps BNYM in maintaining normal service availability and prevention of system/data corruption and/or compromise while proactively reducing the residual risk and technical debt of control breaks.

Responsibilities

• Reviews and analyzes complex data and information to provide insights, conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.
• Contributes to the achievement of area objectives.
• Consults with other IT areas and the businesses and provides professional support for major components of the company's information security infrastructure.
• Recommends course of action to mitigate risk and ensures that appropriate standards are established and met.
• Identify operational roadblocks to ensure timely remediation and countermeasures.
• Assist others in interpreting, understanding, and applying information security policies and standards.
• Works closely with other members of the Information Security and various other organizations in a collaborative and goal-oriented manner.
  
  

Qualifications

• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
• 8-10 years of experience in information security or related technology experience required, experience in the securities or financial services industry is a plus.
• Knowledge and conceptual understanding of security controls (Identity and Access Management, IT General controls, etc.) as well as System Development Life Cycle (SDLC)
• ServiceNow - working with exports from SN, entering data, working with the SN tool
• Relentless in the pursuit of continuous cyber hygiene, control completeness, and effectiveness.
• Strong analytical and troubleshooting skills
• Self-motivated individual and a team player
• Excellent analytical and troubleshooting skills
• Clear, concise and effective written and verbal communication skills
• Exhibit good time management skills, independent thinking and decision-making capabilities
  
  

Skills: information security,cybersecurity,vulnerability