Job Searchi - jobSearchi.com

Job Details

ID #15445944
State Colorado
City Denver
Job type Permanent
Salary USD TBD TBD
Source Bank Of America
Showed 2021-06-14
Date 2021-06-13
Deadline 2021-08-12
Category Software/QA/DBA/etc
Create resume

Senior Control Evaluation Analyst

Colorado, Denver, 80201 Denver USA

Vacancy expired!

Job Description:

The Senior Control Evaluation Analyst is responsible for and/or coordinates Control Evaluation team work to review and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
  • Assist the Control Evaluation Team lead and CTDO leaders in identifying and pursuing/implementing opportunities for improvement in the Control Evaluation function as well as the larger Cyber Threat defense Framework

The senior analyst will be responsible for and/or directly provide guidance to and review other Control Evaluation analysts' review of submissions and synthesis of threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will directly assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, risk processes, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Ensuring the Control Evaluation function maintains an accurate, up-to-date and accessible report on the status of its work
  • Ensuring the Control Evaluation function meets all SLAs/timelines
  • Ensuring the Control Evaluation function effectively captures and warehouses all relevant control information for re-use and application in broader GIS/CSD efforts
  • Assisting with the development and maturation of the Control Evaluation function, to include the establishment and development of relationships with assessment and testing teams and the development of technology solutions
  • Representing the Control Evaluation function as proxy for team lead
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is required
  • Direct experience with or strong familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
  • Risk Analysis, risk models, risk quantification, risk score development is desired
  • Previous team leadership is desired

The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Leads the development of tools and processes that provide cybersecurity defense. Use technical expertise to provide systems disruption protection (DDoS), systems intrusion protection (IDS/IPS, WAF, Log Monitoring), network boundary protection (NAC, Firewalls), detects/prevents malware threats for applications and infrastructure and protects data leakage. Utilizes experience and deep knowledge of IT platforms, tools, and concepts to ensure cybersecurity protection is integrated into all layers of defense. Provides leadership team with info security threat recommendations and updates. Typically has 5+ years of relevant experience across multiple disciplines.

Job Band:

Shift:1st shift (United States of America)

Hours Per Week:40

Weekly Schedule:

Referral Bonus Amount:0 >

Job Description:

The Senior Control Evaluation Analyst is responsible for and/or coordinates Control Evaluation team work to review and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
  • Assist the Control Evaluation Team lead and CTDO leaders in identifying and pursuing/implementing opportunities for improvement in the Control Evaluation function as well as the larger Cyber Threat defense Framework

The senior analyst will be responsible for and/or directly provide guidance to and review other Control Evaluation analysts' review of submissions and synthesis of threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will directly assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, risk processes, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Ensuring the Control Evaluation function maintains an accurate, up-to-date and accessible report on the status of its work
  • Ensuring the Control Evaluation function meets all SLAs/timelines
  • Ensuring the Control Evaluation function effectively captures and warehouses all relevant control information for re-use and application in broader GIS/CSD efforts
  • Assisting with the development and maturation of the Control Evaluation function, to include the establishment and development of relationships with assessment and testing teams and the development of technology solutions
  • Representing the Control Evaluation function as proxy for team lead
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is required
  • Direct experience with or strong familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
  • Risk Analysis, risk models, risk quantification, risk score development is desired
  • Previous team leadership is desired

The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Leads the development of tools and processes that provide cybersecurity defense. Use technical expertise to provide systems disruption protection (DDoS), systems intrusion protection (IDS/IPS, WAF, Log Monitoring), network boundary protection (NAC, Firewalls), detects/prevents malware threats for applications and infrastructure and protects data leakage. Utilizes experience and deep knowledge of IT platforms, tools, and concepts to ensure cybersecurity protection is integrated into all layers of defense. Provides leadership team with info security threat recommendations and updates. Typically has 5+ years of relevant experience across multiple disciplines.

Job Band:

Shift:1st shift (United States of America)

Hours Per Week:40

Weekly Schedule:

Referral Bonus Amount:0

Job Description:

The Senior Control Evaluation Analyst is responsible for and/or coordinates Control Evaluation team work to review and understanding triaged, prioritized cybersecurity threat information received from the Cyber Threat Defense Framework's Intake Function in order to:
  • Ensure alignment of threats to existing Risk IDs
  • Identify and prioritize all in-scope controls
  • Determine an Inherent Risk Rating
  • Evaluate the identified in-scope controls (for coverage, effectiveness, resiliency and health) in order to identify gaps/weaknesses/opportunities for improvement
  • Determine a Control Evaluation Rating and a Residual Risk rating
  • Transmit completed control evaluations to the Cyber Threat defense Operations (CTDO) Quality Assurance (QA) or Resolution Team
  • Update the CTDO Resolution or QA team on any process updates received from control owners
  • Maintain a running list of open issues, SIAIs, JDIs that may align to the threat and/or aligned controls
  • Assist the Control Evaluation Team lead and CTDO leaders in identifying and pursuing/implementing opportunities for improvement in the Control Evaluation function as well as the larger Cyber Threat defense Framework

The senior analyst will be responsible for and/or directly provide guidance to and review other Control Evaluation analysts' review of submissions and synthesis of threat intelligence, control information from various sources (to include control owners, assessments, tests, dashboards, the PRC/SPI) with a knowledge of risks in order to appropriately characterize the bank's controls in light of a specific threat.

This role will directly assist in the identification, design and delivery of improvements to defense capabilities based on threat intelligence, risk processes, control evaluations and incidents and issues throughout the Bank. They will work in an environment that is fast-paced and requires superior organizational and time-management skills but is also open, collaborative and possesses a global presence.

Typical job duties include:

  • Reviewing Threat Intake forms to ensure full comprehension and obtaining the clarification and/or additional information required for the proper and timely execution control evaluation function
  • Working with Cyber Threat Defense Operations teammates, GIS control owners, various subject matter experts, and other partners to understand the bank's current defensive posture against specific threats and identify opportunities for improvement
  • Reviewing existing process and control information as it relates to the threat from cyber assessments.
  • Producing written documentation (e.g. a completed Control Evaluation form) of in-scope controls for a given threat. This would include summarizing the control evaluation takeaways as it relates to the threat for consumption by other GIS partners.
  • Presenting findings to senior leaders and peers across and external to GIS on the threat scenario
  • Ensuring the Control Evaluation function maintains an accurate, up-to-date and accessible report on the status of its work
  • Ensuring the Control Evaluation function meets all SLAs/timelines
  • Ensuring the Control Evaluation function effectively captures and warehouses all relevant control information for re-use and application in broader GIS/CSD efforts
  • Assisting with the development and maturation of the Control Evaluation function, to include the establishment and development of relationships with assessment and testing teams and the development of technology solutions
  • Representing the Control Evaluation function as proxy for team lead
  • Demonstrating exceptional organizational and cross-functional communication skills to work closely with other elements of GIS and elsewhere to integrate analysis from across the Enterprise

Desired Skills/Experience:
  • Direct experience with cybersecurity/GIS processes and controls, particularly technical/CSD processes and controls, is required
  • Direct experience with or strong familiarity with cybersecurity assessments and testing is highly desired

Working knowledge of:
  • The MITRE ATT&CK Framework is highly desired
  • PRC and Single Process Inventory (SPI) Framework is desired
  • Information security frameworks such as NIST CSF (cybersecurity framework), FFIEC CAT is desired
  • Risk Analysis, risk models, risk quantification, risk score development is desired
  • Previous team leadership is desired

The application of existing and developed knowledge and experience of information security controls, infrastructure, problem management, risk identification and remediation is key to this role. An ability to operate independently and consistently exercise sound judgment is required, as are writing and presentation skills. The candidate should also possess an understanding of the cyber threat and controls landscape. The role requires extraordinary data analysis and communication and superior organizational abilities (documentation, attention to detail) together with a passion for working in a dynamic, fast-paced environment. This is a new function within the Cyber Security Defense unit and as such offers an outstanding opportunity for the right candidate to demonstrate and further develop their skills.

Enterprise position overview: Leads the development of tools and processes that provide cybersecurity defense. Use technical expertise to provide systems disruption protection (DDoS), systems intrusion protection (IDS/IPS, WAF, Log Monitoring), network boundary protection (NAC, Firewalls), detects/prevents malware threats for applications and infrastructure and protects data leakage. Utilizes experience and deep knowledge of IT platforms, tools, and concepts to ensure cybersecurity protection is integrated into all layers of defense. Provides leadership team with info security threat recommendations and updates. Typically has 5+ years of relevant experience across multiple disciplines.

Shift:1st shift (United States of America)

Hours Per Week:40

Learn more about this role

Vacancy expired!

Subscribe Report job