AVP, IT Security Engineer

Responsibilities:
The AVP, IT Security Specialist will be responsible for:

• Developing and implementing security strategy in consultation with the IT teams, ensuring that all initiatives are mirrored in respective strategies.
• Provide security advice and support for information technology projects.
• Research new security related products and services to ensure that the firm is equipped with appropriate industry best of breed tools and solutions.
• Operate and maintain Security controls related to SIEM, DLP, Vulnerability Management, Cyber Threat Intelligence, Endpoint Protection, Network Protection, etc.
• Review and help refine Security procedures to ensure compliance with cyber resilience requirements.
• Be responsible when assigned ownership of Security related Regulatory and Internal Audit finding(s) and provide effective / timely resolution.
• Design and integrate consistent security solutions across on-premise and cloud environments for domains like Vulnerability Management, Endpoint Security, Data Security, Network Security, Identity and Access management, etc.
• Facilitate monitoring and enforcement of configurations, as well as manage and monitor security on systems deployed in the cloud in a similar fashion as is done on-premises.
• Oversee design principles and controls relating to third party solution providers.
• Work as a team member and individual contributor being able to work independently and confidently without direct supervision.
• Through example and behavior, strive to provide peer leadership to other team members with the goal of being excellent service providers and enablers to other constituencies (both internal and external).
• Strong communication (verbal and written) skills to engage with technical and non-technical audiences.
• Ability to clarify technical detail and confidently communicate business risks to senior management.
• Execute Security Engineering team's vision and mission in alignment with the overall Security vision and mission, as well as with strategic direction as it pertains to cyber resilience.

Qualifications:

• A minimum of 5 years of information security experience with at least 2 years in cloud security.
• BS. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent) or Security Certifications such as CISSP, SANS GIAC GSEC, GCED, GCIA, GCIH, GREM; or Cisco CCNA, CCNP; or equivalent.
• Industry recognized cloud security qualifications (e.g. CCSK, CCSP, AWS Security Fundamentals, AWS Certified Security)
• Working knowledge of the following frameworks and regulations: ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, and FFIEC handbook
• Expert knowledge of one or more of the following: firewalls, TCP/IP, network IDS/IPS, host-based IDS/IPS, endpoint and network-based DLP, web proxies, email protection, endpoint protection software, SIEM
• Sound knowledge of enterprise security concepts/frameworks and products, secure design principles and patterns
• Monitor, tune and develop technical Security controls and frameworks to ensure appropriate preparation, monitoring and response to threats
• Ability to collaborate effectively with others to drive forward key security objectives
• Strong documentation and report writing skills (to both technical and business audiences)
• Excellent time management and organizational skills combined with technical Security acumen
• Financial and/or Banking industry experience preferred