New York City
5 months ago
You will be expected to:
Assist/Lead the risk assessment, scoping and planning of a review.
Assist/Lead in executing the review, focusing specifically on the following:
  - Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
  - Analyse the design of controls around the underlying system architecture in the context of information technology controls (security, availability and performance) and their impact on business-aligned technology groups.
  - Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
  - Validate that system features meet business, technology and regulatory requirements.
  - Validate the quality of internal SOX assessments.
Document the results of the executed test steps in the IA automated document project repository.
Assist/Lead in preparing the report.
Assist/Lead in presenting the scope, progress and results of the review to internal, technology and business stakeholders.
Possess a degree in Computer Science, Information Security, Engineering or an equivalent field.
Technology skills including:
Deep understanding of Linux and Windows operating systems, with experience in batch scripting and executing standard commands
Internet infrastructure design and installation and support of network devices and firewalls
Cloud computing concepts, technologies, risks and mitigating controls
Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
Security risks related to web, mobile, web services, and client/server architectures
Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
Experience with Splunk and/or other SIEM platforms would be useful but not required
Threat modelling, intelligence and incident response
Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem management)
Business continuity planning and disaster recovery design and implementation
Security within the software development lifecycle
Relevant technology standards and regulations: NIST Cybersecurity Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks, etc.
Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) would be useful but not required