Security Lead Engineer

About The Position

Requirements

• Bachelor’s degree or equivalent experience in a related security, technical field.
• 4-5+ years of technology experience with 4-5+ years of Information Security-specific work experience is required.
• CISSP preferred, with CISM, CRISC optional
• Professional Knowledge and Experience
• Proficient demonstrated ability and application of core concepts, frameworks, practices and procedures of enterprise-class security program, solutions and technologies, such as incident response, threat management vulnerability, compliance, cloud and application security and identity and access, etc.
• Proficient demonstrated skill and/or application of modern technologies and associated administrative, technical, and physical controls for Active Directory, Domain Controllers, Cloud (Azure, AWS, SaaS, PaaS, IaaS), Window and Unix/Linux OS, Oracle and SQL server, Database architecture, encryption, end-point devices, and basic networking
• Strong demonstrated understanding of basic risk assessment methodology concepts, such as risk review, challenge, acceptance, mitigation strategies, and risk appetite associated with business processes, operations, information security programs and technology projects
• Strong demonstrated understanding of basic technology-related concepts, frameworks and practices (e.g., Incident, Problem and Change Management, ITIL)
• Strong demonstrated understanding of project management concepts and able to manage multiple tasks and activities simultaneously (e.g., task identification, interdependencies, prioritization, time management, delivering quality outcomes)
• Solid demonstrated understanding of business practices, processes and procedures of a particular business process and/or application (e.g., transfer agency, trading, research, portfolio management, distribution, etc.)
• Core Competencies (solid demonstration)
• Active Listening
• Critical Thinking
• Problem solving
• Attention to detail
• Collaboration and teamwork
• Effective communication
• Time Management
• Taking initiative
• Conflict resolution
• Coaching Mindset
• Strategic Mindset
• Other
• May be required to work at off-hours such as nights and weekends to prevent interruption to business operations

Nice To Haves

• 6+ year of technology experience independent of the 6+ years of Information Security-specific work experience
• May have held previous positions such as: Sr. security engineer Sr. engineer within a technology discipline where some security aspects were within role
• Professional designations available that certify an individual’s potential ability to apply knowledge and execute at this level: CISSP (preferred) ISSEP (optional, but nice to have) SSCP (optional) CISM (optional) CRISC (optional)
• Core Competency considerations:
• Strong analytical, problem solving, writing and organizational skills; Adapts swiftly to changing priorities, showing flexibility and resilience in a fast-paced work environment.
• Demonstrated ability to interact, build relationships, and communicate well with members of team and management; makes and deliver effective presentations.
• Strong interpersonal, communication, and negotiation skills.
• Demonstrates solid financial skills, strategic and tactical planning.
• Proven ability to manage projects efficiently and effectively and to meet project deadlines
• Ability to multitask and shift priorities when necessary.

Responsibilities

• Subject matter resource in multiple disciplines in the field of Cyber/Information Security, while maintaining a proficient understanding of the field, its frameworks, programs, practices and controls, and its related technologies, threats, vulnerabilities, risks and exposures.
• Leads the implementation, integration and maintenance of enterprise-class security programs and solutions with quality outcomes, such as incident response, identity and access management, cloud, application and network security, key and certificate management, vulnerability management, threat detection, security information and event management and being able to quickly learn and adapt solutions as introduced to the security technology portfolio.
• Oversees the assessment, establishment and monitor countermeasures that protect, detect and/or deter when an unauthorized and/or suspicious activity.
• Directs activities with key stakeholders to assess, identify, design and implement security controls, processes, procedures and solutions within risk tolerance and ensure ongoing efficient, stable and reliable operations.
• Drives the assessment, identification, design, and implementation of approved methods and technologies to automate manual security-related tasks, improving efficiency and quality wherever practicable and appropriate.
• Conducts security risk assessment and due diligence outcomes to methodically analyze technology, solutions and processes, identifying risks from both a technical and business perspective, and recommending strategies to mitigate within risk tolerances.
• Assesses, evaluates, and presents security risk assessment data to wide range of peers, stakeholders and potential management.
• Leads with security investigations according to documented procedures and management’s directives.
• Maintains confidentiality in these matters and works to ensure the confidentiality of other information which is encountered during the discharge of security responsibilities.
• Advances multiple, simultaneous projects of high complexity, having broad goals and agreed upon outcomes, under minimal supervision.
• Accountable for meeting assigned performance and project objectives, including timelines and budget, provides innovative suggestions for solutions and executes plans.
• Effectively communicates complicated, often technical, cyber security concepts clearly and accurately through non-technical means, to ensure that all stakeholders are suitably informed.
• Collaborates with key stakeholders to assess and resolve security-related problems within risk appetite.
• Foster a collaborative and inclusive environment by acting as a resource for cross-functional team members to address questions, obstacles, and guidance to promote success.
• Continuously learns, grows and adapts knowledge of security practices, technologies and MFS business practices with the intent to analyze, recommend and implement improvements for the reliability, scalability, performance, and security as appropriate.

Benefits

• This position is eligible for competitive incentive bonus.
• MFS contributes an amount equal to 15% of your base salary to your retirement account that is separate from the company -sponsored 401(k)
• Education Assistance: MFS contributes $100 monthly up to $10,000 lifetime maximum directly to loan provider
• Education Assistance: Tuition reimbursement up to $8,000 annually
• Education Assistance: Access to discounted tutors and college coaches
• Generous time off and fully paid leaves including 20-weeks for maternity, 12-weeks for parental and caregiver leaves
• Choice of medical and dental plans and an and an employer contribution into the Health Savings Account
• Tax deferred commuter benefits & flexible spending accounts (medical & dependent care)
• Wellness Programs: Robust wellness webinars, employee assistance program with a focus on mental health, subsidized fitness benefit via Wellhub (formerly Gympass), where you can workout at gyms, studios and boutique fitness locations near you, join virtual personal training sessions and access a wide variety of well-being apps