Our client, a securitization joint venture of major national large-scale mortgage products concerns, is seeking several sharp professionals to join their diverse, high-performing team and make a difference.
JOB INFORMATION
Design and administer procedures in the organization that sustain the security of the organization’s data and access to its technology and communications systems. Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization’s systems and the data contained in them. Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security. May lead or execute simulated attacks or security violations to assess the organization’s data security measures.
KEY JOB FUNCTIONS AND RESPONSIBILITIES:
Act as a trusted advisor and partner in risk-based decision making with Business, IT and Information security stakeholders
Analyze organizational information security policy needs based on stakeholder interactions, develop and publish policy, standards, and procedures for implementation.
Implement Privacy and Data Protection Program and Insider Threat Program
Develop the goals and objectives for cybersecurity training, education, or awareness. Design and execute the program.
Lead security aspects of GRC tool requirements, selection and deployment jointly with the Enterprise Risk Team
Perform POAM oversight and Audit Remediation initiatives across the infrastructure and information systems to satisfy compliance requirements and manage risks to an acceptable level
Other responsibilities as business dictates
Qualifications
SPECIALIZED KNOWLEDGE & SKILLS
Must have at least 7 years’ experience in Risk Assessments/Audit.
BA degree or higher in an IT related field.
Extensive experience and expertise in security management, auditing methodology, and technology risk assessments.
Experience with web application assessment, network penetration testing, and vulnerability research.
Experience with commercial and/or open source security assessment tools.
Ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
Experience with ISO 27001/2, FISMA, National Institute of Standards and Technology (NIST) guidelines and risk management frameworks. Candidate should have knowledge of tools such as Nessus and Nmap and the use and function of other commonly used security tools.
Candidate should have a working knowledge of common OS and domain structures, servers, services, and associated vulnerabilities.
Candidate should have experience with Windows, Linux, Red Hat, etc. hosts, operating systems and applications.
Candidate should have a working knowledge of network engineering and local and wide area (LAN/WAN) technologies and topologies.
Knowledge of cloud deployments is highly desirable.
Excellent interpersonal skills, presentation skills, and verbal / written communication skills.
Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives.
Ability to manage multiple priorities – projects, deliverables, and stakeholders.
Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
Active in the security industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technologies. Industry Certification required, e.g. CISSP, CISA, CISM or equivalent designation.
Demonstrated experience using and managing Risk Management tools is required.
Solid understanding of information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-53, FISMA, BITS, etc.).
Solid understanding of network security, OSI model, and information security architecture.
Secondary mortgage market or equivalent financial services experience.
Experience with project management and/or program management (SDLC, Agile, etc.).
EMPLOYMENT
As a condition of employment, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
For consideration, please send resume to djamai@capitalsearch.com