Senior Staff, Security Analyst

    • Westlake, TX

Your Opportunity

In Corporate Risk Management (CRM), we provide a coordinated risk management strategy that supports the delivery of predictable financial and operational performance in order to produce successful client and shareholder outcomes. We are organized around six primary functions: Bank Risk, Enterprise Risk, Information Security Risk Management (ISRM), Market and Investment Risk, Model Risk and Operational Risk. Within each of these areas, we develop a framework for how much risk we are willing to accept as a firm and establish processes for identifying, evaluating, measuring, monitoring and reporting against that framework. In ISRM, we support that framework across information and technology to protect client assets, client information and firm assets. This is an Individual Contributor role reporting to the Vice President, INFO SECURITY RISK MANAGEMENT.

What you're good at
The Senior Staff - Security Management, in Technology Risk Management (TRM) - Infrastructure and Application Risk Management (IARM), as a 2nd Line of Defense function, is responsible for evaluating technology and information security requirements and is focused on:

a) policy, oversight, assessments and metric reporting across platforms, applications, products, and projects;
b) assessing ongoing consistency with security standards and standard methodologies by conducting recurring and ad-hoc risk assessments; and
c) collaborating with technology and business teams to champion alignment with security standards and standard methodologies.

These activities will leverage your partnership with the 1st Line of Defense, other 2nd Line of Defense org and team peers to create repeatable processes and enhance the security posture at the firm.

  • Former Developers or Architects desiring to move into a more strategic role would be ideal
  • Conduct information security risk assessments on initiatives, identifying mitigation strategies and coordinating the implementation of solutions that adhere to firm policies and security standards.
  • Lead engagements and responses across IARM for audit and regulatory activities.
  • Oversee the processing of risk event reporting and critical issues within the team, assuring a comprehensive evaluation of root cause, remediation option analysis, remediation planning, execution and reporting.
  • Evaluate the audit, regulatory and assessment schedules and scope to improve the efficiency and reduce duplication to our team and target organizations, while keeping pace with required activities.
  • Partner with technology, business and other risk teams to coordinate and track remediation activities as they cross the disciplines within IARM.
  • Build and execute a repeatable system to support cross-org work requests and responses.
  • Translate corporate InfoSec policies into sustainable solutions across a portfolio of initiatives.
  • Develop, execute and maintain processes to track assessments and related findings to ensure appropriate oversight and reporting.
  • Lead various projects and programs within the group's charter, as assigned.
  • Be an advocate for security initiatives with fellow employees, vendors, clients and management.

What you have
  • Bachelor's degree plus CISSP, CISM, or equivalent certification is preferred
  • 5+ years of direct experience working within enterprise risk management
  • Passion for Threat Management, Application Security, Identity and Access Management, or other operational or information security disciplines is required
  • Interest and passion for all aspects of security research and advancement of the state of the practice
Program Management
Policy Oversight
Risk Assessment
Data protection
