Vacancy expired!
- Leads the design, engineering, implementation and operation of information security processes, policies, standards, systems, and controls based on business and technical requirements.
- Analyzes and correlates data from multiple security tools, such as endpoint protection, intrusion detection systems, security event monitors, web application firewalls and SaaS based platforms (e.g. Microsoft Cloud App Security, zScaler, Entreda, Cloudflare, MAM, MECM, etc).
- Protects M Financial information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures, and standards.
- Develops security roadmaps, diagrams, and documentation for increased adoption of cloud platforms (AWS, Azure).
- Responsible for the annual compliance of the Member Firm Information Security Policy program for all Member Firms.
- Responsible for the remediation of findings in the annual MFH penetration test.
- Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form.
- Leads information sharing and integration procedures across the Core Technology and Data Team through the exchange of threat intelligence and vulnerability assessment data.
- Develop annual goals and metrics for patch and vulnerability management program.
- Coordinate and develop appropriate third-party risk management goals in coordination with Internal Audit.
- Serves as an advisor and subject matter expert on identified projects or any other M Financial initiative that may have an information security implication.
- Develops and leads user access reviews in coordination with the Internal Audit team.
- Develops and generates reports and metrics (e.g. system/control metrics, status updates, risk assessments reports, remediation reports) to support information security measurement and reporting objectives.
- Provides support and assistance across the organization related to information security related technology and programs.
- Triage, investigate, respond to, and escalate security anomalies and alerts.
- Investigates and verifies potential phishing emails for MFH.
- Investigates and provides leadership on Member Firm security incidents. Reports to the compliance and Wealth Solutions department.
- Provides on-call after-hours support as assigned, including evenings, weekends, and holidays.
- Performs other duties as assigned.
- Bachelor’s degree in Computer Science, Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training, and experience required.
- Minimum of five (5) years of experience in IT, of which at least 1 years of experience in information security is required.
- Two or more relevant security related certifications preferred (e.g. CISSP, CISM, GSEC, Security+, CEH, GPEN, GSEC, or equivalent).
- Knowledge of regulatory and compliance standards is required (GDPR, CCPA, HIPAA, GLBA, NIST, ISO27001).
- Expertise with networking protocols and basics of TCP/IP.
- Strong knowledge with Metasploit.
- Expertise with Rapid7 and InsightVM platform.
- Familiar with DAST and SAST concepts for web application security testing.
- Excellent project management, written and verbal communication skills.
- Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents.
- Ability to identify and correlate cyber threats and vulnerabilities.
- Strong understanding of adversarial tactics and techniques.
Vacancy expired!