Senior Information Security Analyst
Location: Onsite in NYC Midtown, 5 days a week
As a Senior Information Security Analyst, you will serve as a key risk manager responsible for identifying, assessing, and escalating security risks. You will collaborate closely with the Security and IT Infrastructure teams to support various security administration tasks and initiatives, ensuring the organization's infrastructure and data remain protected.
Key Responsibilities:
- Develop and maintain comprehensive security manuals.
- Oversee daily monitoring of Data Loss Prevention tools such as Trellix EPO and TMS.
- Use Spirion to create and run scans for detecting files containing Personally Identifiable Information (PII) and ensure compliance with the data retention policy.
- Manage Privileged Access Management (PAM) and generate reports.
- Lead weekly IT meetings to discuss vulnerabilities, patches, and alarms triggered by security tools.
- Stay updated on potential threats by monitoring sources like the Qualys Threat Protection Feed and CISA alerts, and ensure appropriate actions are taken to protect the network.
- Collaborate with control owners to remediate identified deficiencies and track their progress.
- Contribute to the enhancement of the Information Security program, focusing on increasing its maturity through strategy development and process improvements.
- Support efforts in assessing, managing, and remediating information security risks related to IT infrastructure, applications, platforms, and suppliers, ensuring clear requirements and timelines are established.
- Regularly report on remediation progress to the Chief Information Security Officer (CISO) or Chief Risk Officer (CRO).
- Conduct vulnerability scans using Qualys and monitor for new and existing threats, collaborating with IT and users to address them.
- Prepare and present daily, weekly, and monthly security reports to identify issues and ensure timely remediation.
- Lead risk assessments, audits, governance efforts, and policy reporting, preferably in a financial institution context.
- Assist in aligning security controls with organizational policies, procedures, and processes, and ensure their proper testing for adequate coverage.
- Monitor system events daily to detect and respond to potential malicious activities.
- Review and approve firewall rules using Tufin.
- Analyze system events through the AlienVault SIEM and follow up on detected issues.
- Monitor the network for malicious activity or exploitation using Tipping Point IPS.
- Liaise with vendors for troubleshooting and maintaining security tools.
Qualifications:
- 5+ years of experience in managing information security governance, risk, and compliance.
- Bachelor’s degree in a relevant field.
- Security certifications (e.g., CISSP, CISA, CISM, CEH) are advantageous but not mandatory.
- Solid knowledge of security frameworks such as NIST, SOC2, ISO, FFIEC, and NYDFS-Part500.
- Strong communication, presentation, and writing skills, with fluency in English.
- Experience with Governance, Risk, and Compliance (GRC) tools like RSA Archer.
- Proficient in Microsoft Office applications.
This role offers the opportunity to shape and elevate the organization's information security landscape, driving risk management and enhancing security processes.