The Cyber Security Monitoring & Forensics Team Lead (M&FTL) is responsible for the management and execution of key ISM business objectives or projects within agreed upon time frames and quality standards. The M&FTL is responsible for establishing the guidelines and framework surrounding the ISM Monitoring Team’s activity and to ensure that all monitoring related requirements as specified in the ISM Policies and Standards and Procedures are adhered to. The M&FTL is responsible for understanding security and access controls on core platforms and applications, how and where (user) activity is captured and stored, the types of activity that should be monitored, and the means by which that activity can be monitored. Additionally, the M&FTL will be responsible for the preservation of evidence and documentation for monitoring requests and forensic investigations. The M&FTL interfaces with a variety of technical SME’s and technology leaders within the organization to both share the corporate information security vision and to solicit involvement in achieving higher levels of enterprise security through information sharing, innovation, and co-operation.
- Create and lead security project plans to support new systems/processes and/or modifications to existing systems/processes.
- Lead in the design and implementation of new monitoring controls as needed.
Information Security Leadership
- Establish the guidelines and framework surrounding the ISM Monitoring Team’s activity.
- Have a strong understanding of core platforms to be able to identify privileged level access and where the potential threat of unauthorized access to the Firm’s data may reside.
- SME on key tools utilized to monitor target platforms.
- Engage in ongoing communications with peers in technical development groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback, and to foster co-operation.
- Provide consultation to the business and Systems personnel on security policies and issues.
- Represent the security needs of the organization by providing security expertise and assistance on all IT projects.
- Develop and oversee the enforcement of IT security policies, guidelines, standards and procedures.
- Partner with system owners to secure the integrity, availability and confidentiality of information residing in corporate databases, workstations, servers or being transmitted over the network.
Security Business Focus and Design
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
- Work with ISM teams and Systems to monitor deployment, integration and initial configuration of all new security solutions.
- Maintain a strong understanding of the Firm’s business and how it relates to the Monitoring function’s framework and security treatment.
- Ensure all daily review tasks are completed, tracked, and summarized in management reporting.
- Escalate security related events detected to senior management.
- Document all monitoring related procedures; ensuring they are current.
- Maintain the Monitoring Inventory to ensure that all monitoring reports are accounted for.
- Ensure control gaps are identified, escalated and remediated
- Develop custom reports as needed (e.g., SQL queries).
- Manage the Performance Management process for direct reports.
- Communicate key priorities and monitor team’s progress.
- Maintain a digital investigations practice following industry best practices, policies, and tools for forensic and incident response matters.
- Perform user behavior analysis and privileged access monitoring to identify policy violation or security events.
- Ability to work with internal teams to coordinate investigation matters (legal, privacy, HR, etc…)
- Ensure the confidentiality of all monitoring tasks and investigations.
- Maintain digital evidence integrity and documentation of investigation and monitoring requests.
- College diploma or university degree in the field of computer science/ Information Systems and/or 8-10 years equivalent work experience.
- Extensive experience within the monitoring function of an Information Security organization.
- Extensive experience in enterprise security document creation.
- Experience in managing staff.
- Familiarity working within the financial industry with security best practices, FFIEC and ISO standards.
- Training and/or experience with risk based approach
- SME in core platforms (e.g., Mainframe Z/OS, Active Directory, UNIX, Oracle, SQL, etc.).
- SME in core access control or monitoring tools (CA-TSS, Oracle Audit Vault, Intrust, Varonis, TripWire, etc.).
- Query development skills (e.g., SQL).
- General understanding of network security, cyber security threats and monitoring tools (SIEM, IDS, Firewall).
- Extensive problem solving, organizational and project management skills.
- Strong written and verbal communication skills.
- Strong relationship and people management skills.
- Extensive experience with standard desktop tools, including Microsoft Office (Excel).
- Strong project management skills.
- Ability to handle multiple priorities, while meeting deadlines.
- Experience in developing and maintaining incident response and digital investigations best practices and policies.
- Experience with forensic and incident response tools and uses.
Pluses (beneficial, not required):
- Familiarity of Systems Development Life-Cycle.
- Certification Pluses: CISM, CISSP, CISA,CRISC
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.