AVP, Technology Risk Management and Information Governance (Midtown NY City)

AVP, Technology Risk Management and Information Governance (Midtown NY City)

Overview:
The Firm’s Information Security/Technology Risk team works to identify security risks, threats and vulnerabilities of our networks, systems, applications and new technology initiatives. The Information Security/Risk Analyst will provide support to ISO/Tech Risk functional areas.


Responsibilities:
• Investigate Technology Risk incidents through interviews and conduct targeted Technology Risk Assessments. Identifies best practices within Technology
• Performs root cause analysis of all technological incidents
• Monitor action plans for all identified risks and any audit action plans
• Oversee the Technology Risk Matrices for incidents and follow-up on outstanding action plans resultant from these incidents and identified risks from the firm’s annual Technology Risk Assessment. Provides periodic reports to senior management with tending analysis
• Oversee the documentation of all Information Security and Technology Risk procedures and processes
• Directs the SOX year-end assessments and sub-certifications for the firm.
• Conduct weekly email surveillance reviews for Compliance and HR and investigate any subsequent findings
• Review and analyze security logs to identify any anomalies within our environment and activities within the network as well as any devices accessing the network
• Establish and monitor compliance with the firm’s security requirements for all applications.
• Conduct information security assessments to identify potential technology risks and assist key stakeholders in identifying and certifying relevant technology risks within each department
• Assist in the coordination and performance of vulnerability assessments and penetration testing on an annual basis
• Research and identify applicable security safeguards for the firm based on the threat landscape
• Manage the quarterly re-certification process for all applications and shared access elements within our environment
• Monitor and investigate anomalies resultant from scans by the Security Incident Event Monitoring application to ensure all activities are in compliance with the firm’s policies and procedures
• Oversee the user access process and ensure operational integrity of the application security application
• Oversee the daily operations of the following Information Security applications including training on these applications: RSA’s DLP, CyberArk, Varonis, VCM, BlockMaster and Netezza Mantra for database compliance monitoring
• Evaluate and test the security features for all new applications and perform any ad hoc projects as assigned.

Requirements:
• Bachelor Degree preferably in Information Security or IT related field
• 5-10 years of relevant experience in Information Security
• Familiarity with Federal Regulations and Industry standards related to Information Security (FISMA, ISO 27001/27002, NIST, etc.)
• Strong knowledge of intermediate/advanced excel functions
• Strong interest in Information Security field
• CISSP certification is preferred
• Excellent verbal and written communications skills required; Ability to interact with employees at all levels of the organization
• Strong attention to detail with the ability to prioritize and meet deadlines
• Ability to recognize and deal appropriately with confidential and sensitive information
• Proven ability to work independently

• This is a permanent, full time position (NOT a contract). Please do not apply (or refer) unless authorized to work in the US.
• All candidates must be either US Citizens or US Permanent Residents
• All candidates MUST be local to NY City.
• Please do not apply if you are not local, even if you would pay your own relocation.
• Relocation is NOT offered.