Senior Information Security Engineer
Provide technical expertise and direction in developing and supporting business and technology applications to ensure they are deployed and operated securely. Effectively plan, design, implement and monitor complex security technologies and projects that support the firm's underlying security policies and procedures. Design, document and implement appropriate security policies and standards that protect the firm's information assets. Provide governance oversight of new and existing policies, standards and practices.
Responsibilities
- Serve as a security expert on application development, database design, network and/or platform (operating system) projects, helping project teams comply with enterprise and Technology security policies, industry regulations and best practices. Through an expert understanding of the business requirements, identify the appropriate security requirements for each project. Design, develop and lead the testing approach and execution plan to ensure that new and existing solutions meet security requirements.
- Design, lead and conduct comprehensive risk/vulnerability systems assessments to identify vulnerabilities, including providing reporting on assessment results as well as risk mitigation and remediation recommendations and plans. Keep current with emerging security trends, issues and alerts. Communicate known security risks and solutions to mitigate risks to business and technology partners as needed. Manage audits of vendor security processes, procedures and compliance controls.
- Analyze application security needs based on the sensitivity or proprietary nature of the data and work with the appropriate teams to develop and execute new or existing security technologies or processes to support the business strategy. Design, test, implement, maintain and support current and future complex information security technologies, processes and procedures. Advise technology partners of appropriate security technologies, functionality, benefits and implementation requirements for each project.
- Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction. Lead the development, implementation, maintenance and enforcement of all technology information security policies, procedures and associated plans based on industry standards, best practices and legal compliance requirements. Implement changes to existing security policies and control standards to stay current with the threat landscape.
- Lead complex projects related to information security regulatory compliance and the implementation and maintenance of all information security programs, processes and technologies. Assess and document the need for all security configurations or re-configurations and work with appropriate teams to execute them as required. Research, design and advocate new security technologies, architectures and security products that will support the security requirements of the firm.
- Bachelor's degree in Computer Science, MIS, or Technology Forensics, or related field; or equivalent work experience.
- 7-10 years of relevant experience required
- Certifications Required: CISSP, CISA, or CISM (or equivalent)
- 7+ years of experience installing, monitoring and maintaining information security solutions, including policy design and implementation.
- 5+ years of experience evaluating and designing security solutions for technology projects.
- Demonstrated understanding of security-related technologies and practices, including: authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, secure remote access, and firewalls.
- Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies, and desktop operating systems and security.
- Demonstrated experience contributing and collaborating effectively as an informal leader in a high-functioning team.
- Effective organizational, analytical and independent problem-solving skills.
- Successful experience coordinating and completing multiple tasks within established and changing deadlines.
- Strong presentation skills with experience addressing and interfacing with executives and technical staff.
- Experience working in the financial services industry or other highly regulated/compliance-oriented environments.
- Experience with regulatory compliance issues such as FFIEC, OFCC, SEC and Federal Reserve, plus SOX, GLBA and PCI.