Friday, July 24, 2015

Business Analyst/Product Manager

The Senior Security Assurance Specialist will help shape the Information Security Risk Management program within the Security Assurance group in E*TRADE Corporate Security. The job encompasses leading and participating in various vendor security assessments, application security assessments, technology project security assessments, and E*TRADE/vendor onsite security assessments with a goal to identify, classify, and document security risk in the environment. The candidate will document assessment results, recommend corrective action, track remediation, evaluate policy exceptions, escalate security issues, and regularly report on the information security posture of the organization.
●      Act as a mentor to other Security Assurance Specialists on the team by providing industry and best practice knowledge.
●     Collaborate closely with Third Party Oversight to provide Information Security Risk Assessment support for security assessments of E*TRADE vendors. Complete security risk assessments, determine mitigating controls, conduct closing meetings, document through Security Risk reports, and identify/track the corrective action through Management Action Plans (MAPs) as required.
●     Lead on-site security assessments at various E*TRADE offices, and at selected E*TRADE vendor locations. Perform security assessments, determine mitigating controls, and identify/track the corrective action through Management Action Plans (MAPs) as required.
●     Participate in application security assessments. Review the evidence and results of the application assessments for compliance to security policy and information security best practices. Initiate Exception Forms for policy or control deviations and identify mitigating controls.
●     Research industry trends, identify ongoing security requirements, analyze security risk management tools, and provide recommendations on the need and usefulness of the tools.
●     Refine security process documentation to align with Regulatory requirements and best practices as noted through organizations such as BITS, ISO, and COBIT.
●     5 years of experience in an Information Security position, or two years in an IT Audit role with a background in Information Security best practices.
●     Training in Risk Management, Privacy Impact Analysis, or IT Audit Methodology strongly desired.
●     Knowledge of ISO 27000 frameworks, BITS SIG, or COBIT/SOX IT control testing.
●     Knowledge of security controls for the handling of Personally Identifiable Information (PII) data.
●     Knowledge of regulations and security compliance requirements affecting financial institutions.
●     Working knowledge of Agiliance RiskVision, MetricStream, RSA Archer or other commercial Governance, Risk, & Compliance software.
●     Practical experience with application security and/or database security
●     Excellent organizational, collaborative, written, presentation, and verbal skills.
●     Occasional travel may be required (no more than 25%).
●     Membership and participation in security organizations, such as ISSA, ISC2, or ISACA.

●     Risk and Compliance (GRC) solution, is a plus.
●     Pentration or vulnerability scanning experience is a plus
●     Big 4 or other advisory related experience is a plus.
●     CISSP, CISA, or CISM preferred.

●     4 years Computer Science degree or Business Degree, or an equivalent combination of education and experience required.

Naveen Gummula
Recruiter - Executive
48531 Warm Springs Blvd # 405
Fremont, CA 94539
(408) 767-4171