Security Specialist

About The Position

Requirements

• Risk management
• Controls
• Remediation
• GLBA regulatory compliance
• FFIEC
• Familiarity with NIST
• Experience in risk management, policy/governance, IT controls, or cybersecurity, within CIAM/IAM or directly related identity domains.
• Demonstrated experience writing policies/standards/procedures and mapping them to controls and evidence.
• Experience with CIAM concepts: authentication flows, MFA factors, federation (OIDC/OAuth2, SAML), identity proofing, session security, risk-based auth.
• Working knowledge of risk frameworks and governance approaches: e.g., NIST 800-53/63, ISO 27001/27002, FFIEC expectations; three lines of defense model; issue/exception management.
• Strong written communication skills: policy drafting, risk narratives, control design, audit responses.
• Analytical skills: define KRIs/KCIs/KPIs, interpret trends, and present data-driven recommendations.
• Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role.
• Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience.
• Specific certifications are often required.
• In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

• Jira/Confluence for workflow, documentation, and control libraries.
• Experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream) and evidence management.
• Certifications: CIPM, CISA, CRISC, CISM, CGEIT, CISSP, CCSP, or vendor CIAM certs.

Responsibilities

• Provides technical evaluation and analysis in a specific Security area.
• Supports activities, process, and tools needed to improve overall security posture of the organization.
• Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation.
• Performs investigation and data loss prevention, data manipulation, and coordination of activities.
• Performs actions to address or mitigate risks and vulnerabilities.
• Reviews and defines controls.
• Advises on more complex security procedures and products for clients, security administrators and network operations.
• Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion.
• Shares knowledge with staff.
• Conducts security assessments and other information security routines consistently.
• Investigates and recommends corrective actions for data security related to established guidelines.
• Develops policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats.
• Oversees that business needs are being met during development.

Benefits

• PNC offers a comprehensive range of benefits to help meet your needs now and in the future.
• Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.
• In addition, PNC generally provides the following paid time off, depending on your eligibility: maternity and/or parental leave; up to 11 paid holidays each year; 9 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.
• To learn more about these and other programs, including benefits for full time and part-time employees, visit pncthrive.com .