AVP, Technology Risk Management and Information Governance (Midtown NY City)
The Firm’s Information Security/Technology Risk team works to identify security risks, threats and vulnerabilities of our networks, systems, applications and new technology initiatives. The Information Security/Risk Analyst will provide support to ISO/Tech Risk functional areas.
• Investigate Technology Risk incidents through interviews and conduct targeted Technology Risk Assessments. Identify best practices within Technology.
• Performs root cause analysis of all technological incidents
• Monitor action plans for all identified risks and any audit action plans
• Oversee the Technology Risk Matrices for incidents and follow up on outstanding action plans resulting from these incidents and identified risks from the firm’s annual Technology Risk Assessment. Provide periodic reports to senior management with trending analysis
• Oversee the documentation of all Information Security and Technology Risk procedures and processes
• Directs the SOX year-end assessments and sub-certifications for the firm.
• Conduct weekly email surveillance reviews for Compliance and HR and investigate any subsequent findings
• Review and analyze security logs to identify any anomalies within our environment and activities within the network as well as any devices accessing the network
• Establish and monitor compliance with the firm’s security requirements for all applications.
• Conduct information security assessments to identify potential technology risks and assist key stakeholders in identifying and certifying relevant technology risks within each department
• Assist in the coordination and performance of vulnerability assessments and penetration testing on an annual basis
• Research and identify applicable security safeguards for the firm based on the threat landscape
• Manage the quarterly re-certification process for all applications and shared access elements within our environment
• Monitor and investigate anomalies resultant from scans by the Security Incident Event Monitoring application to ensure all activities are in compliance with the firm’s policies and procedures
• Oversee the user access process and ensure operational integrity of the application security application
• Oversee the daily operations of the following Information Security applications including training on these applications: RSA’s DLP, CyberArk, Varonis, VCM, BlockMaster and Netezza Mantra for database compliance monitoring
• Evaluate and test the security features for all new applications and perform any ad hoc projects as assigned.
• Bachelor's degree, preferably in Information Security or an IT-related field
• 5-10 years of relevant experience in Information Security
• Familiarity with Federal Regulations and Industry standards related to Information Security (FISMA, ISO 27001/27002, NIST, etc.)
• Strong knowledge of intermediate/advanced Excel functions
• Strong interest in Information Security field
• CISSP certification is preferred
• Excellent verbal and written communication skills required; ability to interact with employees at all levels of the organization
• Strong attention to detail with the ability to prioritize and meet deadlines
• Ability to recognize and deal appropriately with confidential and sensitive information
• Proven ability to work independently
• This is a permanent, full time position (NOT a contract). Please do not apply (or refer) unless authorized to work in the US.
• All candidates must be either US Citizens or US Permanent Residents
• All candidates MUST be local to NY City.
• Please do not apply if you are not local, even if you would pay your own relocation.
• Relocation is NOT offered.
Monday, August 13, 2012
- Rich Murphy, BryceNet, Inc. (516) 665-3595
- Merrick, NY, United States
- Executive Recruiter with over 30 years of experience. Currently I'm the Managing Director of BryceNet, Inc., a boutique Executive Search Firm based in Long Island, NY. The firm specializes in Information Technology, primarily in the New York Metropolitan area. I had previously been with CompuSearch/Management Recruiters (Aug 1984 - Mar 2010). While at MRI, I had been the number one Account Executive in the nation numerous times, and I was consistently among the top 5 Account Executives nationwide. I was the first and only Account Executive to reach 6 million dollars of production; I had also been named the #2 Account Manager for the Decade of the '90s. I had consistently led the Woodbury office to its position as the #1 Office in the nation. Prior to that, I served 9 years in the U.S. Marine Corps. While in the Military, I received a full scholarship to college through the Marine Enlisted Commissioning Education Program. Philosophy: I will always do what is in the best interest of everyone involved. I will never try to force a situation if it is not a win-win for both the employer and candidate.