Work location : San Francisco CA
Duration : 3+ Months
• Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Cybersecurity, Systems Analysis or a related field or equivalent work experience • Typically has 2+ years of information security related experience in areas such as: security operations, testing, and/or system or security administration • Requires knowledge of security issues, techniques and implications across all existing computer platforms • Requires ability to analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach • Knowledge of critical security controls • Knowledge of secure coding practices, ethical hacking and threat modeling • Security certifications required (one or more): – GIAC Information Security Fundamentals (GISF) – CompTIA Security+ (CS+) – EC-Council Certified Security Analyst (ESCA)
1. Privacy Analyst/Manager—Analyst / manager position with working knowledge of U.S. laws. Privacy Analyst/Manager will work with cross-functional team to complete assessment of personally identifiable information collected, processed, and stored in the Bank's environment. Position will also assist Privacy Officer in preparing meeting materials, management reports, position papers, and policies and procedures. Familiarity with RSA Archer strongly preferred. Position reports directly to Privacy Officer.
2. ESPRA Analyst—seeking an analyst with experience leading teams of contractors (or employees) to help supervise a backward looking assessment of 150 vendor relationships. Ideal candidate will have experience working with legal contracts, assessing third party risk, preparing detailed management reports, experience with MS Project, PowerPoint, and Excel. Position reports directly to the Privacy Officer. General Characteristics & Roles Responsible for the development, implementation, and management of the Bank's program to protect information assets. Delivers effective and efficient national information security products and services to defend the Client Reserve System (FRS) against cyber security attacks, cyber threats, and unauthorized use by both internal and external adversaries. Defines security policies, processes and standards. Works with the IT department to identify security requirements, define security-related processes and standards, and select and deploy technical controls. Evaluates and assesses management compliance with privacy and security regulations. Performs technical and administrative analyses for security and privacy including system access and compliance audits to identify ways to reduce risk. Oversees and evaluates the effectiveness of security controls, perform periodic testing Provides expertise and assistance to ensure the Bank's information assets are protected. Performs security assessments and works with appropriate teams to remediate information security threats. Updates, maintains and documents security controls and provides direct support to the Bank and internal IT groups. Communicates and educates IT and the Bank about security policies and industry standards, and provides solutions for security issues. The following roles will encompass the Information and Cyber Security job family: Focuses on the needs of information security service. Brings security expertise and solutions to development efforts and makes the IT environment more secure. Determines what data can be shared, assures compliance, quantifies IT security risk and supports remediation activities. Responsibilities from Associate Information Security Analyst plus: • Handles more technically complex security scenarios • Contributes to best practices and procedures for protecting information, assets and security in conjunction with department managers • Collaborates on projects to ensure that security requirements and issues are addressed throughout the project life cycle • Analyze information security control metrics to demonstrate effectiveness or need for control improvement • Consults with business service owners and application development teams, providing information security expertise and solutions • Monitors security SLAs • Manages project documentation, such as compliance documentation, security plans, corrective action plans, etc. • Provides security briefings to advise on critical issues that may affect the Bank • Conducts knowledge transfer training sessions to NIRT and other security teams upon new technology implementation • Evaluate vulnerabilities to determine the appropriate risk level based on potential business impact, application/data criticality and existing mitigating controls • Prioritize vulnerability risks and work with technology and business owners to develop remediation and mitigation plans within SLAs • Receives audit findings, and manages the collection of responses and remediation plans with owners • Provides oversight and management of audit finding remediation, including generating requirements for full remediation, providing feedback and suggestions on managerial responses to findings, as well as tracking progress and providing status updates to the compliance team for reporting purposes • Identifies and uses tools to monitor data transmissions and analyze data streams • Reviews data breach notifications and assists in investigations • Examines source codes of websites and applications on multiple devices such as laptops, phones and tablets, to identify potential vulnerabilities and security flaws • Compiles, summarizes, and presents research on relevant issues • Maintains an awareness of existing and proposed security-standard-setting groups, state and Client legislation and regulations pertaining to information security • Participates in security alerts, communications, training and education • Review privacy risks to prioritize remediation and risk mitigation plans • Lead privacy incident investigations to determine impact and root-cause • Works on one or more IT security area • Works as a team member, sometimes as a team lead for low to moderately complex tasks
Intelliswift Software Inc.
Email : firstname.lastname@example.org
Work : +1-510 370 4565