|
Search Jobvertise Jobs
| |
Jobvertise
|
IT Security - Information Security Specialist
Location: US-MN-Richfield
Email this job to a friend
Report this Job
Title: IT Security - Information Security Specialist
Position Type: contract
Location: Richfield, MN, United States
Description: Job Description:
Description
U.S. Bank is seeking a senior Information Security Risk professional to perform information security risk assessments, which will inform the Bank's information security posture. We are seeking a self-motivated individual versed in information security controls, information assurance and risk management. The candidate will collaborate across organizations to achieve mutual goals.
Responsibilities may include but are not limited to:
Provide leadership in assisting with prioritizing risk assessment activity based on the current threat environment, while considering emerging technologies and business processes and the risk they pose.
Conduct in-depth security assessments with business and technology partners
Research and understand emerging information security threats and their impact on the business environment
Evaluate the effectiveness of controls in place to mitigate threats and communicate remaining residual risk
Report and escalate information security risks appropriately and timely
Provide recommendations to leadership on program effectiveness and enhancements
The ideal candidate will have a well-rounded information security background including a strong understanding of quantitative IT risk management, information security controls, vulnerability and patch management, and industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the evaluating the design and operating effectiveness of controls, as they apply to the regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, and PCI).
The candidate additionally will have or exhibit the following:
Diverse technical background including experience with multiple security technologies
Ability to analyze and articulate implications of a threat actor exploiting vulnerabilities or gaps in controls
Strong writing skills with experience in documenting assessment procedures and results
Skilled at communicating technical information to both technical and non-technical audiences and stakeholders at every level of the organization
Ability to build and maintain relationships across diverse technical and non-technical teams
Minimum Requirements:
Bachelor's degree or equivalent work experience
Minimum of 8 years of experience in information technology and/or information security and compliance
Understanding of financial industry legal, regulatory and compliance requirements for information security
Effective communication
Preferred Skills:
Graduate/Master's level degree in the areas of information security, computer science, information technology management, or technology auditing
Experience in risk and compliance management and process development in the areas of information technology and security
Working knowledge of RSA Archer and ServiceNow tools
Working knowledge of FAIR or a similar quantitative risk methodology
Industry certifications in the area of information security, project management and technology auditing including, CRISC, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or comparable qualifications
A R Systems Inc.,
|
