1. Investigations and Digital Forensics: Under the direction of Information Security management performs digitalforensics acquisition and examination of evidence to support corporate investigation needs. Applies corporate methodology, leading practices and experience to maintain evidence integrity and ensure accurate fact-based examination results are reported. Formally attests (e.g. deposition, affidavit and testimony) to law enforcement and/or court of law regarding procedures performed and accuracy of examination results. Responds in a timely manner to digitalforensics requests and maintains forensic lab technology, software and evidence. Identifies and recommends improved methods and procedures for digitalforensics acquisition, examination and reporting. Partners and collaborates with Office of General Counsel, Human Resources, Fraud Examiners, external law enforcement and others as required.
2. Security Incident Response: Leads the execution of all phases of the corporate security incident response methodology by providing a structured and timely response to incidents according to the corporate security incident response plan. Provides timely notification of critical events to the security incident response team and directs subordinate staff to perform response activities. Leads preparation activities with IT and business staff and identifies improved methods for security incident response.
3. Security Governance Development: Participate in the development, review, ongoing maintenance and development of security policies, standards, processes, procedures and requirements to facilitate the establishment of common administrative controls for the delivery of security capabilities. Provide Information Security guidance through all phases of a project when identified as a necessary resource.
4. Security Awareness: Develop content for organization wide and targeted security awareness training. Present relevant information security topics through a variety of forums depending on the audience.
5. Disaster Recovery: Assist with the maintenance and testing of disaster recovery exercises and plans.
6. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.
1. Bachelors Degree in Computer Science, Information Systems or related field (or equivalent work experience).
2. Six+ years of demonstrated proficiency with an information securityaudit, assessment, engineering or architecture focus or comparable, professional experience.
3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. Aptitude for speaking or communicating to varied groups of business and technical professionals.
4. Established skills and experience in the development of security policies, standards or other governance practices.
5. Demonstrated relationship management and consulting skills, including ability to effectively influence and negotiate.
6. Proven ability to provide high quality customer service.
7. In-depth knowledge of security issues in all areas of the Common Body of Knowledge.
8. Demonstrated working knowledge of information security concepts in at least (12) of the following: digitalforensics; incident response; patch management; configuration management; vulnerability management; audit & compliance; security assessments; penetration testing; control governance frameworks; security & privacy related regulations; security governance (policies, standards); risk management; software development lifecycle; systems development lifecycle; business continuity; disaster recovery; cryptography; application security; networksecurity; system security; database security; access management.
9. Financial Services industry experience strongly preferred.
10. Hold one or more professional certifications from the following programs: GIAC; ISC2; ISACA; CISSP, GSEC, GCFA, GSNA or CISA preferred
Job Id: R-002834