Senior Principal Cybersecurity Analyst, CAT

About The Position

Requirements

• Bachelor’s degree in computer science, computer engineering, cybersecurity, or technical field preferred and a minimum of eight (8) years of related experience.
• Experience in multiple cybersecurity domains appropriate to the job description, including designing, implementing, operating, monitoring, and assessing security controls for cloud-based systems such as AWS required.
• Substantial experience designing, implementing, and operating a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and manage remediation strategies and countermeasures.
• Understanding of common cybersecurity vulnerabilities and attack patterns and ability to explain how they are both exploited and countered.
• Must demonstrate intellectual curiosity and attention to detail, with strong verbal and written communication skills

Nice To Haves

• Hands-on coding experience desired, especially as applied to creating tools and automation to customize, optimize, and enhance security controls.
• Experience supporting compliance with security frameworks, especially NIST 800, desirable.

Responsibilities

• Manages and communicates cybersecurity threats, risks, and state of controls to the Chief Information Security Officer (CISO) and stakeholders.
• Implements and operates security controls and automation across multiple cybersecurity subdomains.
• Ensures security controls are well designed, effectively implemented, and aligned with organizational policies.
• Designs and implements automated solutions for efficiently managing cybersecurity risk including use of state-of-the-art tools and technologies such as generative AI to optimize risk management outcomes where appropriate.
• Utilizes a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and manage remediation strategies and countermeasures.
• Establishes and executes security processes and procedures across multiple cybersecurity domains, including but not limited to access management, risk management, and audit and compliance (include as relates to NIST SP 800).
• Defines, enforces, and promotes information security policies and related governance artifacts and processes.
• Ensures compliance with applicable regulatory and contractual requirements, including maintaining the artifacts and processes necessary for NIST SP 800 compliance.
• Manages security vendor relationships; ensure vendors comply with contractual commitments. Typical examples include vendors support periodic penetration testing, red team exercises, and IV&Vs.

Benefits

• Employees may be eligible for a discretionary bonus in addition to base pay.
• Non-exempt employees are also eligible for overtime pay in accordance with federal, state, or local law.
• FINRA provides comprehensive health, dental and vision insurance.
• Additional insurance includes basic life, accidental death and dismemberment, supplemental life, spouse/domestic partner and dependent life, and spouse/domestic partner and dependent accidental death and dismemberment, short- and long-term disability, long-term care, business travel accident, disability and legal.
• FINRA offers immediate participation and vesting in a 401(k) plan with company match and eligibility for participation in an additional FINRA-funded retirement contribution, tuition reimbursement, commuter benefits, and other benefits that support employee wellness, such as adoption assistance, backup family care, surrogacy benefits, employee assistance, and wellness programs.
• Time Off and Paid Leave FINRA encourages its employees to focus on their health and wellness in many ways, including through a generous time-off program of 15 days of paid time off, 5 personal days and 9 sick days, unless otherwise required by law (all pro-rated in the first year).
• Additionally, we are proud to support our communities by providing two volunteer service days (based on full-time schedule).
• Other paid leave includes military leave, jury duty leave, bereavement leave, voting and election official leave for federal, state or local primary and general elections, care of a family member leave (available after 90 days of employment); and childbirth and parental leave (available after 90 days of employment).
• Full-time employees receive nine paid holidays.