This posting has been closed.
Job Overview:
The cyber security program includes assessing the development, deployment, and sustainment of all IT systems that support our client delivery. The successful candidate will use industry standard frameworks to ensure systems are secure throughout their life cycle. The position calls for a strategic individual who understands business operations, information technology and security and will utilize that knowledge to assist with the implementation of an effective security campaign that ensures the overall security position is aligned with business needs and the evolving threat landscape.
Roles and Responsibilities Overview:
- Management of the global Cyber Hygiene team, development and deployment, to include:
  - Vulnerability Management & Core Build – Support the identification of configurations at the end-point, source code, application, database, and network level.
  - Source Code Analysis – Develop security standards for testing of source code and oversee testing through a security code scanning platform.
  - Vulnerability and Compliance Remediation – Remediation of all violations of CSO IS controls and all CSO IS services, addressing gaps in IS controls and sustainably preventing the emergence of new information security gaps.
  - Rogue Asset Discovery – Use industry-leading tools to validate that the enterprise has an updated inventory for internal and cloud-based capabilities.
  - Code Security – Ensure the bank is using appropriate security for source code, internal and external, protecting the client’s enterprise both in network and cloud.
- Create and implement a pre-deployment testing capability to ensure information systems are accurate across the enterprise.
- Perform recurring cyber hygiene activities to ensure system security controls are operating and monitoring mission integrity.
- Stay current on the latest security threats and vulnerabilities, educate staff to take informed proactive actions in the enterprise environment, and collaborate with enterprise architecture teams to evaluate new or improved technologies with regard to replacing or upgrading existing infrastructure.
- Development of an operational roadmap for the sustained success of the team - includes measuring the team's performance against Service Level Objectives (SLOs) and continuous improvement.
- Participate in infrastructure and security incident management processes to derive root cause and after-action reports.
- Support against compliance violations for new and legacy applications.
- Responsible for the implementation and maintenance of the Technical Information Security Officer (TISO) target model, as well as the training of the TISO population.
- Promote services and guidance with business and application owners to help them understand the service value proposition for consumption in their area(s).
- Continuously provide service and process improvement feedback from assessments through service delivery to improve efficiency and value.
- Assessing known system vulnerabilities and verifying system hardening and patching activities to ensure compliance.
- Defining cyber requirements and design solutions, providing guidance and direction related to security technologies.
Requirements:
Technical Experience:
- 10+ years of experience working in an information security or IT operations related field in an enterprise environment with experience in comprehensive vulnerability management programs.
- 5+ years of “hands-on” experience in a managerial role within IT security or IT operations.
- Experience utilizing two or more open-source and enterprise vulnerability assessment tools such as Nmap, WebInspect, Veracode, Metasploit, Nessus, Tanium.
- Long-term experience in information security / cyber security in a global IT environment.
- Knowledge of all important aspects of cyber security threats and defenses (such as exploits, Trojans, viruses, malware, etc.).
- Sound understanding of the security solution architecture, market trends and standards, and platform-specific vulnerabilities.
- Good knowledge of and experience with regulatory requirements and relevant standards, e.g. COBIT, ITIL, CMMI, NIST or ISO 27002. Appropriate certification would be an advantage.
Non-Technical Experience:
- Ability to operate in a global and highly complex organization with multiple stakeholders with sometimes conflicting and overlapping goals.
- Proven leadership skills including: effective oral and written communication, performance management, issue resolution, negotiation, motivating others, forecasting, and planning.
- Self-motivated with ability to work with minimal supervision.
- Strong technical leadership working with vulnerability and configuration assessment tools such as network vulnerability scanning tools and dynamic and static code scanning tools.
- Experience in leading global teams of experts within a complex technical environment.
- Experience in communication with different business and IT departments on a global level. This includes the ability to process and present complex topics in a target group-oriented manner in order to advance necessary decision-making processes.
- Team leadership capability and ability to work in a solution-oriented manner in virtual global teams in a matrix organization.
- Creates an environment in which employee leadership and development have high priority.
- Professional demeanor, good interpersonal skills, and ability to excel in a high-paced, multi-tasked environment.
Education and Certifications:
Desired Education:
- Master's degree in business administration, computer science or comparable professional experience.
Desired Certifications:
- One of the following certifications: CISSP, SANS GIAC Certified Penetration Tester (GPEN), SANS GIAC Certified Web Application Penetration Tester (GWAPT), Offensive Security, Certified Ethical Hacker (CEH).
Skill | Proficiency | Years Experience | Percent Used |
---|---|---|---|
Cyber Security | Any | 100% | |
CISSP | Any | 75% | |
Information Security | Any | 75% | |
Performance Management | Any | 75% | |
Compliance | Any | 50% | |
Infrastructure Security | Any | 50% | |
Solutions Architecture | Any | 50% | |
Agile Methodology | Any | 25% | |
Analysis | Any | 25% | |
CMMI | Any | 25% | |
Microsoft Excel | Any | 25% | |
Nessus | Any | 25% | |
NIST | Any | 25% | |
Process Improvement | Any | 25% | |
Security Monitoring | Any | 25% | |
Vulnerability Assessments | Any | 25% | |
Vulnerability Management | Any | 25% |