Principal Engineer III - Cyber

About The Position

Requirements

• 12 + years of experience in Information Technology or Security in a large-scale Fortune 100 financial services and or $100B + asset size bank.
• Bachelor's degree in related field required; Masters or MBA in related field preferred.
• Advanced knowledge of general Financial Services or Banking is preferred.
• Extensive background in technology infrastructure and architecture, design and engineering with a focus on Security and Operational Resiliency and risk mitigation techniques.
• Experience with identity and access, application security, and data protection technologies controls and safeguards.
• Expert understanding that downstream business-critical processes are dependent on the availability and reliability of data, designs new (and refactors existing) cyber defense, auditing, and access platforms to meet growth by scaling, service reliability requirements and problem management. Knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
• Expert understanding and experience working with downstream business-critical processes that are dependent on the availability and reliability of data, designing new (and refactor existing) cyber defense, auditing, and access platforms through scaling, service reliability requirements and problem management. Knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
• Expert experience or knowledge of 4 or more of the following: NIST, MITRE, any IT Automation platform, SOAR, Firewall, IAM platform, SIEM, or cloud cyber defense platform. Experience gathering operational reports on utilization, capacity, performance and anomalies to drive improvements.
• Experience in data networking, authentication, Azure / AWS cloud management, vulnerability and CIS compliance management, web application firewalls, network segmentation/zoning, load balancing.
• Excellent analytical and problem-solving skills, with the ability to assess complex situations and develop effective solutions.
• Exceptional communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.
• Strong leadership and project management skills, with experience leading cross-functional teams.
• Combination of Cloud Technology, Generic Computing, and Cyber Security certifications.

Responsibilities

• Engage with business and IT project teams to enforce security standards, offer solutions to applicable security risks and ensure resiliency is built into new project or applications design, engineering, and implementations.
• Engage with the Information Technology Risk Committee to review and opine on requested exceptions and risk acceptance rationale.
• Actively drive security, data privacy, business continuity and disaster recovery resiliency goals in project and product deployments as part of project teams and Architectural Standard Board.
• Provide oversight, review and approval of technology readiness checklist as a member of the Technical Review Board.
• Drive technical discussions, review and approve control evidence during the CRI Cybersecurity assessment process.
• Work within the CISO team as technical expert during risk control inventory and risk control self-assessment and control testing.
• Perform annual Swift and Fedline self-assessment and attestation processes according to industry requirements.
• Coordinate with SRC compliance to respond to external partner/investor security inquiries.
• Maintain the mapping of threat and control relationships within MITRE Attack framework.
• Contributes to the continual development and supports of information security policies and standards.
• Supports organizations requirements for evidence and control testing during internal and external audit and Federal Reserve examinations.
• Supports team in the management of security measures and controls over existing operating systems including configuration management, and CIS Standards.
• Contribute to the development and refinement of key risk indicators and metrics to measure the effectiveness of the cyber security program.

Benefits

• We offer all the important things you'd want - like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you'll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!