Senior Security Assurance Specialist

THE COMPANY

E*TRADE is a leading financial services company and a pioneer in the online brokerage industry. Having executed the first-ever electronic trade by an individual investor more than 30 years ago, the company has long been at the forefront of the digital revolution, offering easy-to-use solutions for individual investors and stock participants. Founded on the principle of innovation and determined to level the playing field for individual investors, E*TRADE delivers digital platforms, tools, and professional assistance to help investors and traders meet their near-and long-term investing goals. The Company provides these services both online and through its network of customer service representatives and financial consultants – over the phone at two national branches and in-person at 30 E*TRADE branches.

SUMMARY

The Senior Security Assurance Specialist will be responsible for multiple technology disciplines with knowledge in areas that include Unix/Linux, Windows, Cisco network devices, mobile devices and various databases (Oracle, MS SQL, Sybase and DB2), application security and various penetration testing methodologies. The Senior Security Assurance Specialist will provide oversight for technology-specific programs, participate in cross-functional teams to create security baselines and standards, research vulnerabilities, perform technology security assessments, classify security risk levels for technology related activities within the company and support external and internal audits as necessary.

RESPONSIBILITIES

● Provide subject matter security analysis of projects sponsored through various Business Units

● Communicate risk and mitigation strategies resulting from participation in security technical reviews and related projects

● Research patch-levels and/or software updates to provide risk analysis and recommendations to stakeholders to address vulnerabilities and improve security

● Review and create and/or update technology baselines and configuration parameters

● Perform log analysis on systems to detect anomalous activities

● Participate in Change Management approval function, as required, including attending review meetings and reviewing/approving change control tickets as a representative for Corporate Security

● Research industry trends, identify ongoing security requirements, analyze new security administration tools, and provide recommendations on the need and usefulness of services and/or products

● Communicate and collaborate with internal and external resources while maintaining strong interpersonal skills at all times

● Assist Business teams to address/ research internal and/or external reported security issues

● Occasional travel as required

REQUIREMENTS

● Ability to maintain strong interpersonal skills, excellent organizational/communication skills and strong business acumen during all communications/interactions with internal and external stakeholders

● Minimum 4 years’ experience in an Information Security position, or four years in Information Technology with a strong background in Information Security best practices

● Solid background, knowledge and hands-on experience in multiple technology disciplines with knowledge in Unix/Linux, Windows, Cisco network devices, mobile device management and various databases(Oracle, MS SQL, Sybase and DB2), application security and various penetration testing methodologies

● In-depth knowledge of open source and commercial information security tools, such as vulnerability scanners, intrusion detection systems, log analysis and penetration testing tools

● Knowledge of applicable frameworks and standards such as FFIEC, NIST, SOX, ISO, GLBA, SB1386, COBIT, SEC, OCC, etc.

● Hands-on experience with technology baseline reviews utilizing industry best practices (e.g. National Institute of Technology and Standards and Center for Internet Security)

● Experience with responding to Audit requests and creating/developing mitigation strategies and remediation plans

● Inherent desire to research and understand security vulnerabilities, tools and emerging trends

● Strong troubleshooting and problem solving/root cause analysis skills with attention to detail and ability to identify solutions and provide recommendations only after reviewing multiple options and resources

● Demonstrated project management skills with the ability to manage deadlines and deliverables understanding all the various dynamics to ensure target completion date is achieved

● Proven ability to succeed under moderate supervision lead and manage security initiatives yet willing to work as a team player

● Training in one or more technology disciplines and/or demonstrated certification

● Membership and active participation in security organizations, such as ISSA, ISC2,

DESIRED EXPERIENCE

● ISACA, OWASP

● Previous experience in a Financial Institution

● Project Management Certification (PMP)

EDUCATION, CERTIFICATION, TRAINING

● CISSP, CISA, CISM, or GIAC Certification acquired and in good standing, or in progress

ETRRSR

Source:https://www.etradecareers.com/job/6766071/

. . . . . . . .

Leave a Reply