We are seeking a Cyber Software Security Expert for a permanent position with our financial client in NYC.
This group is responsible for developing, executing and maintaining a superior information security program that promotes resiliency by identifying and mitigating cyber risks and threats through risk-based consultation, advice, and direction for controls, designs, and investments for the entire Bank. Your role as a Cyber Software Security Expert:
- Design, develop and execute software security practices and strategy by building and maintaining security policies for tooling (SAST, DAST, OSS, IAST) to increase effectiveness and reduce false positives; promote and build procedures for the security champions in the Agile squads; and bring IS policy and standard expertise into the Agile Scrum squads.
- Experienced in running software security technical testing tools and reviewing their results to identify vulnerabilities and contextualize the business impact of cyber risks.
- Design, develop and execute NIST-based cyber risk assessment practices and strategy by building and maintaining industry risk-based risk management practices.
- Identify, measure, monitor, and report on security risks within the information technology domain, and assess the adequacy of controls including information security, cyber security, software security practices and mitigation practices for technical vulnerabilities.
- Overall, 7+ years of experience in enterprise cyber risk assessment and management and software security practices, or equivalent experience.
- Possession of or the ability to obtain and maintain National Security Clearance, which includes U.S. Citizenship
- Understanding of risk management and control frameworks (NIST 800-53) and industry best practices. Understanding of vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes
- Knowledge of and experience implementing industry standards, frameworks, and best practices in cyber risk management programs, practices, and processes inclusive of risk identification, analysis, response, communication, monitoring and escalation.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.