About the Opportunity
Our client is looking for a Information Security Analyst to join their office located in Manhattan, New York. This role is essential in supporting their mission to create better-informed and more efficient financial markets by organizing securities into three distinct markets based on the quality and quantity of information. This position is primarily remote, but requires the ability to commute for in-person meetings when necessary.
The base pay for this position is $70 to $95 per hour. Actual compensation offered to the successful candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level, among other things. Details about eligibility for bonus compensation (if applicable) will be finalized at the time of offer.
Responsibilities
- Review and update policies and procedures: Ensure alignment with SEC Regulation SCI and ISO 27001, making necessary enhancements for compliance
- Support external risk assessments: Assist in organizing and conducting external risk assessments, and develop continuous monitoring strategies with regular reports to senior management
- Strengthen privileged access controls: Enhance measures around privileged system accounts and administrative access to improve security
- Conduct regular access control audits: Perform ongoing audits to ensure that access controls are both effective and compliant with regulatory requirements
- Refine incident response plans: Improve and formalize incident response plans, ensuring they are regularly tested and integrated with other organizational strategies
- Implement data protection measures: Deploy data loss prevention controls and encryption protocols to safeguard sensitive information
- Maintain security awareness training: Continue to provide comprehensive security awareness training, focusing on insider threats and incident response
- Report to senior management: Deliver consistent updates to senior management on the organization’s security posture, incident trends, and opportunities for improvement
- Assist in incident response: Provide support during security incidents, including investigation, containment, eradication, and recovery efforts
- Keep detailed incident records: Maintain thorough logs of incidents and conduct post-incident reviews to enhance response processes
- Analyze threat intelligence: Continuously gather and assess threat intelligence to stay ahead of new and emerging threats
- Support daily security operations: Assist in maintaining the firm’s security tools and processes, such as security reviews, application approvals, and change management
- Enhance the GRC framework: Develop and implement a comprehensive governance, risk management, and compliance (GRC) framework that aligns with industry standards and regulatory requirements
- Conduct GRC audits and assessments: Regularly audit and assess GRC activities to identify and address any potential gaps in compliance.
- Evaluate vendor compliance: Periodically assess vendor relationships and review applicable Complimentary User Entity Controls (CUICs) to ensure compliance
Requirements
- Bachelor’s degree in Information Security, Cybersecurity, or a related
- Relevant certifications (CISSP, CISM, CISA, or ISO 27001)
- 5+ years of experience in cybersecurity, information security, information technology, engineering, risk management, compliance or a related field, preferably within the financial services industry
- Regulatory compliance experience
- Experience with incident response, continuity planning, capacity planning and stress testing
