Job title: IT Security Analyst
Duration: 6-12 Months+
Location: New York City
Type: Hybrid (2 days)
This is a security advisory team that provides various security services across the enterprise, including assessing systems and their security posture, aligning technology into the network environment, supporting secure by design initiatives, and providing guidance to business lines on best practices and adhering to the bank's security standards. The successful candidate must have an understanding of regional and US regulatory requirements.
Candidate Value Proposition:
The successful candidate will have the opportunity to work for a global legacy Canadian bank with a strong multi-regional US presence that is undergoing significant transformations, including Cloud.
Typical Day in Role:
Reporting to the Senior Manager of Security Advisory (US Advisory), the Information Security Advisor provides guidance to business lines to ensure design, development and implementation of complex projects and initiatives are in accordance with the Bank's Information Security Standards and in compliance with industry regulations. In this role, you will be supporting various business lines while assisting them in making informed decisions to protect information assets deployed in various environments.
Provide strategic guidance and technical expertise to business lines, IT support functions, and IS&C Control functions to include security within early stages of the design of the Bank's technological solutions.
Providing the following functions to Initiatives:
Conducting Threat Risk Assessments and performing security advisory work on specific applications and infrastructure associated with subsidiaries and other Initiatives ensuring that controls are adequate, meet Bank standards, and enable business objectives.
Conducting Risk Management activities.
Provide Quality Assurance on Threat Risk Assessments and Threat Modelling as required for Cloud initiatives.
Provide design and technical expertise on security solutions and recommend best practices.
Collaborate with cross-functional teams to design and implement robust security architectures for various systems, applications, and networks.
Evaluate existing security solutions and propose enhancements or new designs to address emerging threats and business requirements.
Ensure alignment with industry best practices, compliance standards, and organizational security policies.
Identify security weaknesses, vulnerabilities, and gaps in existing systems and recommend remediation strategies.
Provide support on how to apply the Bank's portfolio of standards to the technology footprint of subsidiaries.
Provide oversight over the specific line of business security posture, ensuring that all tools available to detect and remediate security risks have been applied.
Conduct industry reviews and benchmarking exercises to ensure our controls are aligned with our peers, emerging threats, and available mitigation strategies.
Working directly with technical leads from assigned Lines of Businesses supporting their initiatives from an Information Security perspective.
Providing relationship management function primarily to US subsidiaries from an Information Security perspective.
Candidate Requirements/Must Have Skills:
1) 5+ years of hands-on technical working experience in performing security assessments on various platforms, network infrastructure and complex applications.
2) 3+ years of Experience with Threat Risk Assessments of applications hosted on premise, cloud, hybrid cloud and SaaS.
3) 2+ years of experience in security solution architecture, software development, and/or hands-on experience with implementations to various environments, knowledge of application security controls, including compensating controls and cloud-based security solutions.
4) 3+ years of experience reviewing and interpreting vulnerability reporting, server hardening requirements, and validating presence of controls through evidence.
5) Strong understanding of US regulatory regulations and practices
Nice-To-Have Skills:
1) Prior experience using ServiceNow platform
2) Basic knowledge of cloud technologies and cloud security (Google Cloud Platform or Azure or AWS)
3) Security engineering, security architecture, and/or security risk based certifications (CISSP, CISM, CCSP, CRISC)
4) Familiar with industry standards and frameworks e.g., NIST 800-53, ISO 27001, ISO27002, ISO 27017, ISO27018, PCI DSS, CIS.
Soft Skills Required:
You are a strong communicator and capable of creating clear documentation and communicating ideas to others
You possess advanced communication (verbal/written/presentation) skills in English.
Education: Post-secondary education in Computer Science or in a related field.
Best VS. Average Candidate: The ideal candidate would be familiar with frameworks listed under nice to haves and would have solid knowledge of cloud security. The candidate must have strong US regulatory knowledge.
Estimated Min Rate: $55.00
Estimated Max Rate: $60.00
What's In It for You?
We welcome you to be a part of one of the largest and most legendary global staffing companies to meet your career aspirations. Yoh's network of client companies has been employing professionals like you for over 65 years in the U.S., UK and Canada. Join Yoh's extensive talent community that will provide you with access to Yoh's vast network of opportunities and gain access to this exclusive opportunity available to you. Benefit eligibility is in accordance with applicable laws and client requirements. Benefits include:
- Medical, Prescription, Dental & Vision Benefits (for employees working 20+ hours per week)
- Health Savings Account (HSA) (for employees working 20+ hours per week)
- Life & Disability Insurance (for employees working 20+ hours per week)
- MetLife Voluntary Benefits
- Employee Assistance Program (EAP)
- 401K Retirement Savings Plan
- Direct Deposit & weekly epayroll
- Referral Bonus Programs
- Certification and training opportunities
Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.
For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship potentially resulting in the withdrawal of a conditional offer of employment.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
By applying and submitting your resume, you authorize Yoh to review and reformat your resume to meet Yoh's hiring clients' preferences. To learn more about Yoh's privacy practices, please see our Candidate Privacy Notice:
https://www.yoh.com/privacy-notice