Story Behind the Need:
Business group: Cyber Security Red Team
Client’s Information Security & Control (IS&C) Cyber Security Red Team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations, and services, while ensuring that appropriate application and cyber security practices are adhered to. This function provides core competency in proactively detecting application and network vulnerabilities while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to system vulnerabilities and threats.
Project: The prospective candidate would be coordinating multiple engagements.
Candidate Value Proposition:
The successful candidate will have the opportunity to work within Client. We are technology partners who help the business transform how our employees around the world work. You will get to work with and learn from diverse industry leaders, who have hailed from top technology.
Typical Day in Role:
In this role, you will be expected to work closely with the application development groups from every line of business in the Bank to integrate application and network security processes and procedures into the software development lifecycle. You will manage relationships and program processes with system owners, leadership up to and including executive level stakeholders, vendors and the Bank’s internal penetration testing team to ensure regulatory driven and internal mandated penetration testing and red team programs are executed. Additional duties will include oversight of operations such as process and procedure development and documentation, reporting, financial tracking.
Collaborate with IT management teams, security advisory and IT Risk teams, on a Global Scale to ensure effective execution of mandated assessments.
Develop/enhance and/or execute effective communication models to assist with the management of reported vulnerabilities, control gaps, people- and process-related gaps and issues, and their remediation.
Identify opportunities and gaps within internal process and procedures to develop/enhance and/or execute strategies for improvement and maturity within each program, inclusive of but not limited to, execution operations reporting and tracking.
Be responsible for adherence to established process flows that ensure development teams, infrastructure teams and business owners implement control measures that effectively mitigate or eliminate risk.
Be responsible for timely and accurate reporting of all findings to the appropriate teams, different levels of management and business risk owners.
Be responsible for scheduling oversight of execution, creation and management of deliverables to stakeholders and other Security teams within IS&C.
Spearhead debrief sessions to socialize and action results of assessments with appropriate stakeholders.
Candidate Requirements/Must Have Skills:
You have 5-7 years as a Project/Technical Coordinator or security related experience.
2+ years of hands-on experience managing financial budgets, financial reporting, reviewing invoicing and statements of work.
Strong working experience independently making decisions guided by process and procedures (with limited guidance).
Nice-To-Have Skills:
You have an understanding of the cyber kill chain (such as MITRE ATT&CK) and the ability to connect techniques to results.
Database experience, Power BI skills, JIRA Service management at a developer level.
Spanish is considered an asset.
Security certifications such as CISSP, CISM are nice to have.
Soft Skills Required:
Should be able to work with a wide scope of work in an ever-changing environment.
You possess strong communication (verbal/written/presentation) skills in English.
You have strong customer service skills.
You have well-rounded interpersonal skills, with the ability to build relationships cross-functionally, based on client’s values of respect, integrity, passion, and accountability.
Conflict resolution capabilities.
You are detail-oriented.
Education:
Nice to have an industry certification like Security+, Google cyber security certificate, A+, Network+.