JD
Description and Location
Overall purpose of role
This is a contract position for a Cyber Security Specialist that will be part of the CISO function and will support Clients US Consumer Banking Business with the acquisition of Best Egg. The role will support Best Egg Integration and will be responsible to work on the legal day 1 and beyond Cyber deliverables for the Project that includes, completion of the gap analysis against Clients standards, alignment with Clients tech and cyber policies and standards and determine and co-ordinate post legal day 1 integration and control enhancements/deliverables. This will include requirements related to penetration testing, third party security, data security, vulnerability management, secure configuration, and other cyber domains. Additionally, the role will support the Business Information Security Office with governance activities for Best Egg Cyber function in the first year.
Key Accountabilities
Support gap assessment against Clients Cyber policies and standards and help define remediation plans to address the gaps
Ensure gaps and risks are recorded as per Clients governance framework and are tracked to closure.
Co-ordination of penetration testing of Best Egg networks and applications, and security reviews related to third party security, data security, vulnerability management, secure configuration, and other cyber domains.
Support Cyber Security activities and other related activities to ensure the organization s assets and IT systems are appropriately protected against unauthorized activities including deliberate or accidental loss.
Execution of security risk assessments during the change & development lifecycle to identify vulnerabilities within Best Egg systems, applications and infrastructure, ensuring compensating security controls and countermeasures are embedded to enhance security posture and resilience against cyber threats.
Support and provide guidance to Chief Information Security Office (CISO), Business information Security Office (BISO), Chief Information Office (CIO) and Product Team functions providing security reviews and recommendations for risk mitigation.
Contribute to the design of security solutions
Work with the business and project team(s) to ensure residual risks are adequately mitigated to the degree that meets the risk appetite of the business.
Handling complex information. 'Complex' information could include sensitive information.
Influence or convince stakeholders to achieve outcomes.
Person/Skillset Specification
Has 5 to 7 years of experience in cyber and information security domain preferably in CISO or Security consultancy roles
Broad domain expertise across network security, cloud, IAM, data protection, application security, third-party security and artificial intelligence.
Understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Penetration Testing, Security Monitoring, Access Controls (identification, authentication and authorization) and Encryption.
Expertise in Technology and cyber standards and control framework and experience performing gap assessments against these framework as well as recommending risk mitigation measures.
Working knowledge of NIST CSF, ISO/IEC 27001/27002, PCI DSS/PED and CIS Controls, and their application into diverse environments.
Understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web based applications and databases.
Competent to discuss the underlying technology with product developers.
Contribute to formulation of controls and best practices for security management.
Can describe all key Cyber Security functions, major roles, responsibilities and their inter-dependencies.
Has contributed to the creation of technology-related security best practices and processes.
Understands security operations from a people, process and technology perspective.
Understands routine Cyber Security monitoring and administration tools.
Risk and Control Objective
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Clients Policies and Policy Standards
Need to work from office 3 days a week.
Never miss an opportunity! Create an alert based on the job you applied for.
