Engineer - Information Security

Federated Hermes, Pittsburgh, PA

About The Position

The position involves conducting formal end-to-end Information Security Assessments, which includes reviewing questionnaires, third-party security audit reports, and evidence, as well as performing onsite assessments. The role requires performing security reviews for technical products, identifying gaps in security, and providing guidance on mitigating controls. Additionally, the candidate will perform risk analysis on third-party capabilities whenever an application or system undergoes a major change, and use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties. The position also involves assessing remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved, reviewing services and data in scope of the assessment, and analyzing security risk ratings. The candidate will work on projects as directed by management.

Requirements

  • Familiarity with security architecture frameworks such as SABSA and TOGAF.
  • Familiarity with threat modelling methodologies such as STRIDE.
  • Familiarity with security frameworks such as NIST SP 800, CIS, and ISO 27001.
  • Familiarity with independent assurance frameworks such as SOC 2.
  • Prior experience with risk assessments and a general understanding of risk management principles.
  • Excellent written and verbal communication skills.

Nice To Haves

  • Industry-recognized technical certifications are desirable (CISSP, CCSP, CompTIA Security+, GIAC Security Essentials).
  • Familiarity with security and privacy regulations impacting financial services, such as SOX and GDPR.

Responsibilities

  • Conduct formal end-to-end Information Security Assessments (review of questionnaires, third-party security audit reports and evidence, onsite assessments, etc.).
  • Perform security reviews for technical products, identify gaps in security, and assist in providing guidance on mitigating controls.
  • Perform risk analysis on third-party capabilities (i.e., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Use third-party risk evaluation tools to monitor and reduce organizational cyber risk associated with third parties.
  • Assess remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved.
  • Review services and data in scope of the assessment and analyze security risk ratings.
  • Work on projects as directed by management.