Information Risk Management

Arlington - Onsite

Description

RESPONSIBILITIES

• Collaborate closely with Third Party Oversight to provide Information Security Risk Assessment support for security assessments of E*TRADE vendors. Complete security risk assessments, determine mitigating controls, conduct closing meetings, document findings in Security Risk reports, and identify and track corrective action through Management Action Plans (MAPs) as required.

• Perform on-site security assessments at various E*TRADE offices and at selected E*TRADE vendor locations. Perform security assessments, determine mitigating controls, and identify and track corrective action through Management Action Plans (MAPs) as required.

• Participate in application security assessments. Review the evidence and results of the application assessments for compliance with security policy and information security best practices. Initiate Exception Forms for policy or control deviations and identify mitigating controls.

• Research industry trends, identify ongoing security requirements, analyze security risk management tools, and provide recommendations on the need for and usefulness of the tools.

• Refine security process documentation to align with regulatory requirements and best practices as noted by organizations such as BITS, ISO, and COBIT.

REQUIREMENTS

• 3 years of experience in an Information Security position with a background in Information Security best practices.

• Knowledge of ISO 27000 frameworks, BITS SIG, or COBIT/SOX IT control testing.

• Knowledge of security controls for the handling of Personally Identifiable Information (PII) data.

• Knowledge of regulations and security compliance requirements affecting financial institutions.

• General knowledge of Agiliance RiskVision, MetricStream, or another commercial Governance, Risk and Compliance (GRC) solution is a plus.

• Excellent organizational, collaborative, written, presentation, and verbal skills.

• Occasional travel may be required (no more than 25%).

DESIRED EXPERIENCE

• CISSP, CISA, or CISM preferred.

• Membership and participation in security organizations, such as ISSA, ISC2, or ISACA.
Start date: 06/2014
Duration: 6+ Months - FTE (extension possible)
From: Huxley Associates
Published at: 17.06.2014
Project ID: 726988
Contract type: Freelance