Sr. Infosec Engineer

Overview

Remote
On Site
USD70 - USD75
Contract - W2


Job Details

job summary:

In need of a Sr. Infosec Engineer for a large financial services company. This contract will last approximately 1 year but will most likely extend, and there is always a chance of a CTH scenario. Working hours: 8-5 EST.



Top 3 Must-Haves (Hard and/or Soft Skills):

Communication, Cyber Controls Expertise, Security Architecture and design

PCI compliance, Audit background, IT Engineering

Top 3 Nice-To-Haves (Hard and/or Soft Skills)

Degree Requirements (Experience in Lieu of Degree):

CISSP, CRISC, AI certifications

Certification Requirements (Any Preferences): A security based Certification

How many years of experience are you looking for?: 10+







location: Telecommute

job type: Contract

salary: $70 - 75 per hour

work hours: 8am to 5pm

education: Bachelors



responsibilities:

What would "a day in the life" of this role look like? Working with IT partners to understand current and new solutions, how security controls are embedded, and discussing needed improvements to the IT products. Working with team members on process improvements to ensure consistent delivery of security consulting.



What level of interaction will this role have with team members and the hiring manager? Weekly and potentially daily interactions with team members.



What would you say is the top priority for the worker over the first few weeks/months? Learn our internal systems and standards. Begin shadowing existing team members to understand how processes are executed today. Transition to taking the lead on security consulting among IT teams.



What do you foresee being the biggest challenge in this role? Learning the complex environment that is BFH and understanding who they will need to work with across the business in order to get the needed information.



Essential Job Functions



Security Architecture Development and Maintenance - Assists the Sr. and Principal Architects with the creation of security designs and frameworks for technology systems. Monitors security intelligence sources for emerging industry security technologies, technology issues, regulatory issues and practices. Provides oversight of new development efforts to ensure adherence to security policies, standards, and reference architectures. Actively participates in decisioning processes related to adoption of new hardware and software technologies. Provides advisory services as needed to information security teams. Utilizes planning and organization tools to develop project/action plans. Meets deliverable deadlines as directed.



Information Security Strategy - Assists the Principal and Sr. Information Security Architects with the development of the annual Information Security Strategy. This includes strategy development, formalized road map documentation, and continued maintenance.



Cyber Security Tooling and Processes - Possesses intermediate knowledge of company Cyber Security Tools and affiliated operational processes. Utilizes knowledge when advising to determine residual risk of identified threats or control weaknesses. Champions the use of Cyber Security Tooling through education and awareness of constituents.



Regulatory Requirements and Control Frameworks - Foundational knowledge of regulatory bodies and corresponding compliance requirements including, but not limited to: PCI-DSS, SOX, GLBA, CCPA, GDPR. Intermediate knowledge of control frameworks including, but not limited to: FFIEC Examination Handbooks, NIST 800-53, ISO 27001. Advanced knowledge of Cyber Security Maturity Frameworks such as NIST-CSF and FFIEC Cyber Assessment Tool.



General Information Technology - Intermediate knowledge of IT tools and practices including, but not limited to: Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling.



Human Relations - Ability to defuse problematic situations and manage through conflict resolution. Utilizes soft skills such as: Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break them down into layman's terms or analogies that help with others' understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as credible, trustworthy and respectful. Utilizes subject matter expertise to guide and coach less experienced team members.



Reports to: Manager or Director of Information Security



Working Conditions/Physical Requirements: Normal office environment. As the needs of the business continue to evolve, this role may be asked to work an on-call rotation to include evenings or weekends.




