The Lead Cybersecurity Analyst, working independently, is responsible for planning, designing, implementing, operating, and monitoring cybersecurity controls in a secure, effective, and compliant manner.
Essential Job Functions:
- Ensure that security risks are comprehensively and effectively managed though leading the application of established and ad hoc processes and techniques.
- Lead the planning, design, implementation, and operation of security controls, such as a comprehensive continuous security monitoring and threat detection program. Ensure security controls are well designed, effectively implemented, and aligned with organizational policies. Design and implement automated solutions for efficiently managing cybersecurity risk
- Establish, implement, and promote security control operation and monitoring strategies. Review, triage, and prioritize control output.
- Lead the identification, evaluation, and recommendation of new security technologies, techniques, and tools.
- Define, review, implement, execute, and promote information security policies, standards, guidelines, and procedures.
- Lead and champion efforts to enforce and monitor compliance with internal and external regulations, policies, and standards. Establish and promote strategies to ensure that compliance is effectively monitored and enforced.
- Manage relationships with security vendors throughout the vendor lifecycle, as needed to accomplish departmental objectives. Ensure vendors comply with contractual commitments and continue to meet the security and risk management needs of the organization.
- Ensure compliance with security-related regulatory and contractual requirements.
- Enforce security-related policies, standards, and procedures that support the security of CAT and the sensitive data maintained within.
- Clearly communicate state of cybersecurity threats, risks, and controls to the CISO and other stakeholders.
- Support FISMA/NIST compliance activities, to include, SSP/POAM development, artifact generation in support of audit activities, and risk register management.
- Mentor/guide team members and other organizational stakeholders on matters of cybersecurity.
- Bachelorâ€™s degree in computer science, computer engineering, cybersecurity, or technical field preferred. Other bachelorâ€™s degrees may be considered at the discretion of the CISO.
- 7+ years of professional experience in the design, operation, and monitoring of IT systems, with substantial emphasis on cybersecurity, including 3+ years designing, operating, monitoring, and assessing security controls for AWS-based systems.Â Experience must include both leadership and hands-on experience in key areas such as:
- Multiple cybersecurity domains appropriate to the role, such as intrusion detection, cloud security, application security, network security, and threat detection and response.
- Modeling threats to identify attack vectors, associated risk levels, and appropriate mitigating controls.
- Experience using a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and identify remediation strategies and countermeasures.
- Substantial hands-on experience with many of the following technologies;
- Monitoring: Splunk
- Vulnerability and Configuration Management: Tripwire, Qualys, Crowdstike EDR, Checkmarx, Halo, Blackduck
- Other: JIRA, Confluence
- Demonstrated understanding of common information security vulnerabilities and attack patterns and ability to explain how they are both exploited and countered.
- Strong verbal and written communication skills.
- Work is normally performed in an office environment, with extended hours when necessary. Occasional travel may be required.
To be considered for this position, please submit an application.
The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.
Please note: If the â€Apply Nowâ€ button on a job board posting does not take you directly to the FINRA Careers site, enter www.finra.org/careers into your browser to reach our site directly.
FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRAâ€™s accommodation help line at 240.386.4865. Please note that this number is exclusively for inquiries regarding application accommodations.
In addition to a competitive salary, comprehensive health and welfare benefits, and incentive compensation, FINRA offers immediate participation and vesting in a 401(k) plan with company match. You will also be eligible for participation in an additional FINRA-funded retirement contribution, our tuition reimbursement program and many other benefits. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, consider a career with FINRA.
FINRAâ€™s Code of Conduct imposes restrictions on employeesâ€™ investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee) and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Codeâ€™s investment and securities account restrictions, and new employees must comply with those investment restrictionsâ€"including disposing of any security issued by a company on FINRAâ€™s Prohibited Company List or obtaining a written waiver from their Executive Vice Presidentâ€"by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.
You can read more about these restrictions here.
As standard practice, employees must also execute FINRAâ€™s Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the companyâ€™s policy on nepotism.
Search Firm Representatives
Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA and no fee will be paid in the event that person is hired by FINRA.
FINRA is an Equal Opportunity and Affirmative Action Employer
All qualified applicants will receive consideration for employment without regard to age, citizenship status, color, disability, marital status, national origin, race, religion, sex, sexual orientation, gender identity, veteran status or any other classification protected by federal state or local laws as appropriate, or upon the protected status of the personâ€™s relatives, friends or associates.
FINRA abides by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.
FINRA abides by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.
Â©2020 FINRA. All rights reserved. FINRA is a registered trademark of the Financial Industry Regulatory Authority, Inc.