SUMMARY
Engineers, implements and monitors information security programs and controls. Completes a variety of audit, reporting, information program, policy, procedure, technology and incident mitigation tasks. Translates and designs security requirements in alignment with business and technical requirements including full lifecycle project and program management. Advises information security management of changes to risk profile and solutions.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Establishes foundational security capabilities as mature service offerings that allow for a seamless user experience. Initiates, coordinates and monitors progress on approved information security initiatives.
- Establishes and applies risk management principles for consistent tracking and measurement in compliance with industry standards.
- Supports governance, risk and compliance programs and leads maturity efforts including external regulator, auditor, and senior leadership information and materials.
- Assesses and analyzes employee risk due to accidental, incidental, and awareness security issues. Conducts scheduled penetration testing, simulating attacks on systems to find exploitable weaknesses.
- Engineers security solutions efficiently with a minimal technology footprint where possible while ensuring security. Researches, analyzes, and recommends security products, services and tools as needed.
- Audits identity and access methods to ensure a zero-trust framework for both production and development business application systems.
- Works with IT, business teams and vendors on security program initiatives and resolves security related issues through leadership of projects and technical implementations.
- Leads incident response, including steps to minimize impact. Conducts technical and forensic investigations into the source of exploits and the extent of impact.
- Performs forensic collection of evidence including retrieval, handling and chain-of-custody, processing and reporting with discretion and integrity.
- Performs scripting and customization of required reports and dashboards for technical and executive audiences in both IT and business units. Demonstrates a mastery of system and peripheral logs and packet telemetry.
- Provides consistent security guidance that enables new products and solutions to be built securely while validating/measuring the efficiency of our security posture to include technology reviews, vulnerability assessments, and technical business risk assessments.
QUALIFICATIONS (Education, Experience, Knowledge, Skills & Ability):
- Must have at least 6 years information security experience preferably in the financial services industry.
- Must have or be able to obtain within six months of hire one of the following/equivalent certifications:
- Cloud Security Alliance (CSA) Certification of Cloud Security Knowledge (CCSK)
- Offensive Security Certified Professional (OSCP)
- CompTIA PenTest+
- SC-200 Microsoft Security Operations Analyst
- Bachelor’s degree in related field or equivalent experience is required.
- Must have advanced computer skills and a working knowledge of end-point and server operating systems.
- Must also demonstrate conduct consistently with our Corporate Values
PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
While performing the duties of this job, the employee is frequently required to stand; sit and talk or hear. The employee is occasionally required to walk; use hands to finger, handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and taste or smell. The employee must occasionally lift and/or move up to 50 pounds. Specific vision abilities required by this job include color vision to identify colored labels, cables, and indicator lights.
Use of computer workstations at desk height and use of server consoles while standing. Installation, removal or termination of cabling, in communications closets and office settings. Occasional use of ladder to reach cables or hardware in ceilings or near top of computer hardware racks. Installation or removal of computer hardware into server racks.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Hybrid position.
The noise level in the work environment is usually moderate.
This job description is not designated to cover or contain a comprehensive listing of responsibilities, duties or activities that are required of the employee for this job. Responsibilities, duties and activities may change at any time with or without notice. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
At OnPoint, we believe a workplace that reflects the richness of the world fosters a welcoming and empowering environment for everyone. We're committed to equity and inclusion, and consider all qualified applicants embracing every race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and your unique background.
We encourage you to apply if you're passionate about this opportunity and have the core qualifications. Your unique experiences and skills are what make you a strong candidate. Don’t let imposter syndrome hold you back! Our recruitment process is designed to be inclusive and accessible to all. If you need any accommodations during the application or interview stage, please let us know. We're dedicated to providing what's necessary to ensure a fair and inclusive experience.
#LI-Hybrid