Senior Security Governance Analyst
Posted on Sep 13, 2022 by Request Technology - Craig Johnson
*We are unable to sponsor for this permanent Full time role*
*Position is bonus eligible*
Prestigious Financial Institution is currently seeking a Sr. Security Governance Analyst. Candidate is responsible for driving information security initiatives related to regulatory exam and Internal Audit remediation planning, tracking, and mitigation. Additionally, this role will lead the development, review and publication of policy, procedures and controls for the Security Services Department in support of the NIST Cyber Security Framework. Likewise, this role will facilitate the management self-testing efforts for the Security Service Department by identifying, recommending, and driving enhancements to the performance, integrity, and compliance of the organization's processes.
- Responsibilities include the development, review and continuous improvement of the Security Services Department policies, procedures, and controls to enhance risk control environment
- Recommendation of appropriate reporting frameworks, standards and best practices.
- Assist with remediating regulatory and Internal Audit findings, including collecting data to identify root cause of problems, identifying trends, formulating solutions, and escalating potential issues related to the life cycle of remediation activities including, but not limited to:
- Management responses
- Development of appropriate action plans
- Delivery timeline tracking
- Gathering, and review of appropriate evidence artifacts
- Proving feedback to responsible SME's regarding appropriateness of evidence artifacts
- Development of documentation for closure
- Act as supporting point of contact from Security Services to senior management in Compliance, Internal Audit, Enterprise Risk Management, Legal and the Enterprise Project Management Office.
- Lead development, implementation, review and improvement of right sized management self-testing of controls.
- Lead Information Security Cyber Security Working Group Program efforts.
- Act on Security Services behalf related to compliance matters including developing and implementing strategies for strengthening the Security Services compliance posture
- Manage Security Services responses to Third-Party requests and surveys
- Perform ad-hoc duties for Security Governance management as necessary
- Broad knowledge of applicable regulatory, legal rules and requirements (eg, SEC, CFTC, Federal Reserve Board, etc.) as they pertain to Information Security.
- Sound knowledge of and experience working with Security and Technology authoritative industry standards and control framework s (eg NIST CSF, NIST 800-53, CIS 20, COBIT, COSO, ITIL, ISO 27001, CSA CCM, etc.)
- Strong understanding of information technology and risk management concepts
- Strong experience in Information Security related policy, procedure and control writing.
- Basic knowledge of Cloud implementation and Cloud compliance strategies including for data, information, application, platform and network security
- Understanding of Systems Development Life Cycle (SDLC) process (Agile) and Secure Software Development Lifecycle.
- Ability to work independently and as a member of a team, proficient in collaborating with internal business clients from different departments and at various levels of seniority.
- Proficient in gathering, analysing, and evaluating facts and preparing/presenting concise oral and written Compliance related data analysis and reports.
- Excellent organizational, written and oral communication skills.
- Proficiency with Microsoft Office Suite, including Word, Excel, and PowerPoint
- Experience using an integrated risk management system (such as RSA Archer Suite) a plus
- Business Intelligence tool experience (ie Tableau), a plus
- Bachelor Degree - Computer Science, Management Information Systems, or related field or the equivalent combination of education and/or relevant experience.
- 5 or more years hands-on Information Security or EGRC-related work experience.
- Previous work in Compliance, Audit, Risk Management, Project Management or control activities in the financial services industry.
- Professional network and/or security certifications a plus (ie, GIAC, CISSP, CISA, CISM, CRISC)