Overview

Bring your ideas. Make history. BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world's top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the "bank of banks" - 97% of the world's top banks work with us as we lead and serve our customers into the new era of digital. With over 240 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we're approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what is all about.

We're seeking a future team member for the role of Director to join our Technology Audit team. This role is located in New York, NY - Flexible.

In this role, you'll make an impact in the following ways:
• Execute annual auditable entity risk assessments
• Define the annual audit plan
• Set individual audit scope and testing
• Oversee successful execution of audits, in line with audit department methodology and professional standards
• Identifying risk-based gaps in the firm's technology systems and processes
• Lead issue discussions with management and obtain appropriate remedial actions
• Manage the performance and development of staff and the achievement of staff goals and objectives
• Maintaining relationships with key technology staff to stay abreast of new developments or control breakdowns
• Engage in relevant training regarding audit, businesses, financial controls, regulations, or a particular specialty and actively seek to apply this knowledge in the role and pass on to the wider audit team
• Prioritizing project workflows
• Investigating unexpected situations, providing thoughtful analysis and resolution

To be successful in this role, we're seeking the following:
• An inquisitive individual with an in-depth understanding of processes, risks, controls, tools, and techniques in cyber security areas including:
  - Vulnerability Management
  - Threat Detection and Response
  - MITRE ATT&CK Framework
  - NIST Cybersecurity Framework
  - FFIEC Information Security Guidance
  - Threat Intelligence
  - Advanced Persistent Threat Detection and Response
  - Static and Dynamic Code Scanning and Secure SDLC
  - Cybersecurity Incident Response and Reporting
  - Security Monitoring processes and SIEM tools
  - Identity and Access Management
• Ability to manage global projects on time and within budget
• Experience with managing and motivating a global team
• Ability to collaborate with members of other audit teams

Qualifications:
• Bachelor's degree in Computer Science, Information Technology, or a related field (Master's degree preferred)
• Minimum of 15 years of experience in IT auditing and cybersecurity
• Proven experience in conducting IT audits
• Strong technical knowledge of IT systems, networks, and cybersecurity protocols
• Professional certifications such as CISA, CISSP, or CISM are highly desirable
• Excellent analytical and problem-solving skills
• Strong communication and interpersonal skills
• Ability to lead a team and manage senior stakeholders across the firm

At BNY Mellon, our inclusive culture speaks for itself. Here's a few of our awards:
• Fortune World's Most Admired Companies & Top 20 for Diversity and Inclusion
• Bloomberg's Gender Equality Index (GEI)
• Human Rights Campaign Foundation, 100% score Corporate Equality Index
• Best Places to Work for Disability Inclusion, Disability:IN - 100% score
• 100 Best Workplaces for Innovators, Fast Company
• CDP's Climate Change 'A List'

Our Benefits:

BNY Mellon offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves that can support you and your family through moments that matter.

BNY Mellon assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $136,500 and $275,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNYM total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs. This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.

Employer Description:

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.

EEO Statement:

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
04/27/2024
Full time
Executive Management Services, LLC
Monterey, California
INTRODUCTION

Contractor services are required to assist FLENUMMETOCCEN personnel in providing cybersecurity services in support of the Information Systems Security Officer (ISSO) (Windows) activities for the Cyber Security group. Work will include planning, scanning, validation, analysis, documentation, reporting and coordination of Cybersecurity (CS) requirements for Windows computing systems.

SCOPE

This requirement is for surge support to assist FLENUMMETOCCEN in providing cybersecurity services in support of the ISSO (Windows) activities for the Cybersecurity group. The scope includes:
• Perform assigned CS duties associated with unclassified and classified Microsoft Windows systems
• Perform assigned CS duties associated with unclassified and classified network systems
• Perform assigned CS tasks using established Federal, DOD and Navy CS policies and procedures
• Perform work that is varied, may be somewhat difficult in nature and involves limited technical direction
• Perform Cyber Security Officer duties to include incident handling, event management, network analysis, system-level auditing per established Federal, DOD and Navy CS policies and procedures
• Coordinate with DOD and Navy agencies for resolution of all CS incidents and event management issues
• Scan, monitor, audit, harden and implement CS safeguards for MS Windows systems in accordance with Federal, DOD and Navy CS policy and procedures
• Report unauthorized physical and electronic access to MS Windows system
• Perform MS Windows system device log analyses for unauthorized access or unauthorized elevation of permissions and note any deviance from normal system activities
• Assess MS Windows system CS defensive posture, report gaps, and recommend solutions to harden systems per Federal, DOD and Navy CS policy and procedures
• Provide information to ISSM in support of Certification and Accreditation (C&A) data calls and compliance initiatives
• Assist in conducting CS safeguard tests in accordance with ISSM guidance
• Participate in CS risk assessments
• Participate in CS Continuity of Operations planning, testing and evaluation
• Ensure necessary reporting is captured and maintained for evaluation per ISSM guidance
• Ensure conformity of password policies per Federal, DOD and Navy CS policy and procedure
• Provide and monitor security counter measures per Federal, DOD and Navy CS policy and procedure
• Assist with coordination of CS activities associated with remote access per ISSM guidance
• Comply with Federal, DOD and Navy CS policy and procedure regarding the proper handling of personal, confidential and privacy act information
• Attend meetings
• Perform work with limited technical direction and in accordance with ISSM guidance
• Coordinate timely notification and resolution of pending CS issues to include FISMA POA&M, pending items in the Vulnerability Remediation Asset Manager (VRAM)

SPECIFIC TASKING

The objective of this requirement is to provide senior-level support services to the Windows ISSO, assuring FNMOC computer systems are maintaining a high degree of CS defensive safeguards and adherence to approved Federal, DOD and Navy CS compliance objectives. The vendor shall:
1. Leverage the Windows System Baseline Activity
2. Leverage the Windows System Baselines to Detect Anomalies Associated With System
3. Conduct Daily Inspections of the Windows Systems Baselines
4. Conduct daily inspections of the Windows Systems device logs for unauthorized electronic access and/or permissions escalation
5. Work with third party government agencies to report, resolve and prevent CS incidents and events of concern
6. Provide weekly status report (WSR) to the ISSM. The WSR shall provide details around the following:
   • Results of physical and electronic inspections
   • Percent of systems evaluated
   • Any modification to system baselines
   • Synopsis of anomalies observed
   • Synopsis of CS incidents detected and being worked
   • Synopsis of CS events detected and being worked
   • Known vulnerabilities
   • Recommendations to shore up system device CS defensive posture
   • Any other pertinent information to the day's CS detection activity
7. Participate in technical meetings
8. Assist the ISSM in creating and presenting documents pertaining to CS policy, technical procedures, and guidelines. Documents can include CS Requirements, Risk Assessments, and Policy Statements
9. Provide monthly status reports (MSRs) to the ISSM and Technical Assistant. The MSR shall provide a high-level monthly summary of activities and project challenges as well as anticipated direction. The MSR shall contain the following sections:
   • A Brief Description of Requirements
   • Summary of Accomplishments and Significant Events
   • Deliverables Assigned/Milestones/Status
   • Deliverables Submitted
   • Current or Anticipated Issues
   • Government-Identified Topics and Issues
   • Summary of Activity Planned for the Next Reporting Period
   • Task Financial Status
   • Resource Planning/Status
10. Work with the ISSM in conducting internal audits of the IT infrastructure. Ensure necessary CS reporting is captured and maintained for future evaluation.
11. Ensure conformity of password policies per Federal, DOD and Navy CS policy and procedure
12. Provide and monitor security counter-measures per Federal, DOD and Navy CS policy and procedure.
13. Assist with coordination and evaluation of CS activities related to remote access, including Virtual Private Networking (VPN)
14. Coordinate timely notification and resolution of pending CS issues to include Federal Information System Management Act (FISMA) Plan of Action and Milestones (POA&M) and pending items in the Vulnerability Remediation Asset Manager (VRAM)
15. Comply with SECNAVINST 5239.20A, "Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification" (also see DOD 8570.01-M), program development, coordination, and administration.

PLACE OF PERFORMANCE

The primary place of performance shall be on-site at the FLENUMMETOCCEN facility located at 7 Grace Hopper Avenue, Monterey, CA 93943. The primary work setting is a general office area environment. Contractor tasks may require work anywhere within the FLENUMMETOCCEN compound including the computer center(s).
04/22/2024
Full time
Overview

Bring your ideas. Make history. BNY Mellon offers an exciting array of future-forward careers at the intersection of business, finance, and technology. We are one of the world's top asset management and banking firms that manages trillions of dollars in assets, custody and/or administration. Known as the "bank of banks" - 97% of the world's top banks work with us as we lead and serve our customers into the new era of digital. With over 240 years of rich history and industry firsts, BNY Mellon has been built upon our proven ability to evolve, lead, and drive new ideas at every turn. Today, we're approximately 50,000 employees across 35 countries with a culture that empowers you to grow, take risks, experiment and be yourself. This is what is all about.

We're seeking a future team member for the role of Director to join our Technology Audit team. This role is located in New York, NY - Flexible.

In this role, you'll make an impact in the following ways:
• Execute annual auditable entity risk assessments
• Define the annual audit plan
• Set individual audit scope and testing
• Oversee successful execution of audits, in line with audit department methodology and professional standards
• Identifying risk-based gaps in the firm's technology systems and processes
• Lead issue discussions with management and obtain appropriate remedial actions
• Manage the performance and development of staff and the achievement of staff goals and objectives
• Maintaining relationships with key technology staff to stay abreast of new developments or control breakdowns
• Engage in relevant training regarding audit, businesses, financial controls, regulations, or a particular specialty and actively seek to apply this knowledge in the role and pass on to the wider audit team
• Prioritizing project workflows
• Investigating unexpected situations, providing thoughtful analysis and resolution

To be successful in this role, we're seeking the following:
• An inquisitive individual with an in-depth understanding of processes, risks, controls, tools, and techniques in cyber security areas including:
  - Vulnerability Management
  - Threat Detection and Response
  - MITRE ATT&CK Framework
  - NIST Cybersecurity Framework
  - FFIEC Information Security Guidance
  - Threat Intelligence
  - Advanced Persistent Threat Detection and Response
  - Static and Dynamic Code Scanning and Secure SDLC
  - Cybersecurity Incident Response and Reporting
  - Security Monitoring processes and SIEM tools
  - Identity and Access Management
• Ability to manage global projects on time and within budget
• Experience with managing and motivating a global team
• Ability to collaborate with members of other audit teams

Qualifications:
• Bachelor's degree in Computer Science, Information Technology, or a related field (Master's degree preferred)
• Minimum of 15 years of experience in IT auditing and cybersecurity
• Proven experience in conducting IT audits
• Strong technical knowledge of IT systems, networks, and cybersecurity protocols
• Professional certifications such as CISA, CISSP, or CISM are highly desirable
• Excellent analytical and problem-solving skills
• Strong communication and interpersonal skills
• Ability to lead a team and manage senior stakeholders across the firm

At BNY Mellon, our inclusive culture speaks for itself. Here's a few of our awards:
• Fortune World's Most Admired Companies & Top 20 for Diversity and Inclusion
• Bloomberg's Gender Equality Index (GEI)
• Human Rights Campaign Foundation, 100% score Corporate Equality Index
• Best Places to Work for Disability Inclusion, Disability:IN - 100% score
• 100 Best Workplaces for Innovators, Fast Company
• CDP's Climate Change 'A List'

Our Benefits:

BNY Mellon offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves that can support you and your family through moments that matter.

BNY Mellon assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $136,500 and $275,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNYM total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and Company-sponsored benefit programs. This position is at-will and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team performance, and market factors.

Employer Description:

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.

EEO Statement:

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team - one that is representative and inclusive of the diverse talent, clients and communities we work with and serve - and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.
04/20/2024
Full time
Who is Saliense? Saliense is a growing Management and Technology Consulting Solutions provider based out of McLean, VA. We work to solve our clients' toughest challenges within the Defense, Civilian, Financial, and Healthcare industries. Our diverse employees support vital missions for government and commercial customers. For more information, visit .

Why Saliense? In addition to providing a fun, energetic environment that promotes innovation and personal growth, we offer excellent compensation packages with plenty of opportunities for advancement. We pay 100% of the premiums for employee Healthcare, including medical, dental, and vision. We offer a 401K match, and all company contributions are 100% vested immediately. Since we believe in work-life balance so much, we offer 20 days of paid leave per year. Use it as you need it or use it all at once and go travel for a month! We are proud to offer parental leave. There are many more - connect with us to get a preview of the full benefits package.

Job Title: Senior ISSO (Senior Technical Consultant)
This is a REMOTE position but must be local to DMV area.

Duties & Responsibilities: The Senior Information System Security Officer serves as the primary cybersecurity point of contact for work performed under the contract, possessing an in-depth knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis. Functions as the highest-level individual contributor in this area; has a high level of diverse technical and industry experience. Acts as a recognized technical expert providing technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. From a technical perspective the Senior Information System Security Officer is responsible for designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information. Provides technical evaluations of customer systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies, and upgrades to improve the customer's security posture.

Requirements:
- 10+ Years of federal information systems security experience
- BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline.
- Professional Certification: Must have and maintain one or more of the following IAT Level III certifications: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Advanced Security Practitioner (CASP+) certified or other cyber security professional certifications and relevant information security technology expertise
- US Citizenship & ACTIVE TS CLEARANCE REQUIRED

Technical Skills:
- Experience with RMF and applying the NIST Cybersecurity Framework.
- Possesses an in-depth knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis
- Experience designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information.
- A technical expert providing technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
- Experience using CSAM.
- Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
- Solid understanding of FISMA audit requirements.
- Solid understanding of IT audit requirements.
- Ability to work cooperatively and at a technical level with developers, engineers, and managers on system teams.
- Knowledge of computer networking concepts, protocols, and network security methodologies.
- Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
- Knowledge of current and past cybersecurity threats and vulnerabilities.

Saliense Consulting LLC provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
04/20/2024
Full time
Who We Are: TradeStation is an online brokerage firm seeking to level the playing field for self-directed investors and traders, empowering them to claim their individual financial edge. At TradeStation, we're continuously pushing the boundaries of what's possible, encouraging out-of-the-box thinking and relentless search for innovation.

What We Are Looking For: The Senior Information Systems and Information Technology Auditor will be an independent contributor and will be responsible for the timely execution of controls testing for Japanese Sarbanes Oxley (JSOX) or U.S. SOX compliance, risk-based audits in accordance with the annual audit plan as well as assisting with other audit matters and subjects. The responsibilities will include supporting the IT Audit lead and the Audit Directors for Finance, Operations and Regulatory audits in the design of testing procedures, executing testing steps to evaluate the adequacy and effectiveness of the Information Systems and Information Technology, and working with management to identify remediation plans for observations noted.

What You'll Be Doing:
- Assist with the planning and execution of the IT Audit portion of audit engagements
- Document test steps and results to standards expected by external auditors
- Prepare executive ready audit reports
- Provide guidance on best practices in Information Systems auditing
- Communicate findings to stakeholders
- Conduct interviews, gather information, document and/or update prior system matrix and dataflows
- Identify and document audit issues and recommendations for improvement
- Work on multiple projects simultaneously and take initiative to manage priorities and meet deadlines
- Use technical, business, and problem-solving skills to provide in-depth audit and consulting services for system development projects, focusing on business process, application, information technology and project management risks and controls
- Perform research and attend virtual and live training to maintain and enhance knowledge necessary to effectively support IT Internal Audit and the business
- Clearly articulate the role and value of the Internal Audit function, underscoring independence and objectivity
- Participate in special projects, investigations, due diligence, reorganizations, new products, and system implementations
- Conduct IT and end to end process internal audits to ensure effective internal controls are in place
- Manage the completion of all phases of the audit process for assigned IT audits and special projects
- Consult continuously with the Company's external auditors and provide assistance as needed
- Conduct the annual testing and internal control assessments required by Sarbanes-Oxley

The Skills You Bring:
- Ability to manage multiple, changing, and competing priorities in a fast-paced, interactive, results-based team environment
- Ability to balance diplomacy with assertiveness and hold difficult or sensitive discussions with confidence, while gaining and/or maintaining the trust of others
- Extensive knowledge and experience performing JSOX or SOX Information Technology General Control (ITGC) testing such as access controls, change management, information security and IT operations
- Extensive knowledge and experience related to Information Technology Application Controls (ITAC)
- Extensive knowledge of management information systems terminology, concepts, and practices
- Extensive knowledge of and experience utilizing various methodologies and frameworks, including pertinent ISO standards, COBIT, COSO, ITIL, NIST, etc.
- Knowledge of auditing key systems such as Windows OS, SQL, and AWS
- Able to communicate effectively (orally and in writing) with professionalism and possess strong presentation skills among all levels of management
- Experience in documenting process flows and diagrams utilizing tools such as Visio
- Demonstrates an in-depth and current knowledge of relevant industry trends as it pertains to technology
- Experience in providing control documentation support for operational and financial audits
- Proven ability to critically assess, drive action, and deliver meaningful results in a high-paced environment
- Strong work ethic, initiative, teamwork, and flexibility to assist department in meeting organizational goals
- Adhere to the highest degree of professional standards including independence, objectivity, fairness, and strict confidentiality

Minimum Qualifications:
- 4-year college degree in Information Systems or other relevant major
- 2+ years' experience in the financial services or Technology sector
- 4+ years in public accounting (Big 4) or directly related equivalent
- A minimum of 4 years' experience in an Internal or External Audit role
- Solid knowledge of IT Auditing/SOX concepts and practices
- Experience across various IT domains: cybersecurity, infrastructure, IT operations, Cloud, etc.
- Experience managing own project portfolio, creating work plans, auditing processes, and writing reports
- Certified Information Systems Auditor ("CISA")
- Knowledge of ISA (International Standards on Auditing)
- Demonstrated ability to provide exemplary leadership within an Audit organization

Additional Desired Qualifications:
- Knowledge of IFRS (International Financial Reporting Standards)
- Certified Information Systems Security Professional ("CISSP") or Certified Information Security Manager ("CISM") valued
- Certified Internal Auditor ("CIA") highly valued

What We Offer:
- Collaborative work environment
- Competitive Salaries
- Yearly bonus
- Comprehensive benefits for you and your family starting Day 1
- Unlimited Paid Time Off
- Flexible working environment
- TradeStation Account employee benefits, as well as full access to trading education materials

Pay Range (US) $96-113K (Countries outside of the US have differing ranges in accordance with local labor markets)

TradeStation provides equal employment opportunities to current and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, sexual orientation, age, pregnancy, disability, handicap, citizenship, veteran or marital status, or any other legally recognized status entitled to protection under federal, state, or local anti-discrimination laws.
04/19/2024
Full time
Empower the Individual Through Crypto Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto. Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement. At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice - our Office Optional Policy allows employees to choose to work from one of our physical locations or from home. Select roles that are location-specific will still be eligible for flexible schedules. The Department: Compliance Compliance at Gemini is a team dedicated to managing the next generation of financial crime in a complex and evolving regulatory environment. We are a diverse group of technology, legal, and operational professionals who develop new approaches to solving classic problems using cutting edge tools and processes. The Role: Senior Associate, Compliance Operations In this role, you will work with a team of experienced compliance professionals responsible for critical functions within the Compliance and AML/BSA/Sanctions program. 
You will have responsibilities including, but not limited to, triaging a variety of account operations-related issues escalated by cross functional teams across the enterprise, draft and maintain written procedural guides, assist with internal and external audit functions, track and manage ongoing project work, and other critical components/development of the compliance program that may arise from time to time. Gemini's Compliance team is constantly evolving and developing new operations and controls. In this role, you will contribute to that development by rolling-up your sleeves and building the future of money, while being an integral part of a best-in-class compliance department. Responsibilities Monitor and assist with account related escalations. Respond to various account operations requests from teams across the enterprise. Maintain procedural guides for onboarding and account review. Act as a centralized hub for procedural updates and ensure relevant stakeholders are informed. Assist with internal and external audits. Manage onboarding and account review projects by working closely with project managers on technical updates and procedural improvements. Minimum Qualifications BA/BS degree or international equivalent. 5+ years of experience in the financial services industry with a focus on BSA/AML compliance. Previous experience reviewing operational procedures and identifying areas for improvement. Excellent written and verbal communication skills with previous experience developing and maintaining written policies and procedures. Track record of success and results, ideally in a high-growth or entrepreneurial environment. Flexible mindset and a willingness to roll up your sleeves and assist in various compliance functions as needed. Preferred Qualifications Advanced degree/certifications, e.g., JD, MBA, CAMS, CFE. Familiarity with Customer Identification Program (CIP) requirements including KYC best practices. 
Working knowledge of digital asset trading and blockchain technology. Comfort with an ever-changing regulatory landscape and fast-paced business environment. Experience working with business and project management tools such as Looker and JIRA. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.
09/23/2021
Full time
Excel MSO is looking for the best and brightest professionals to handle the business side of medical practice so "doctors can be doctors." We are fortunate to have experienced unprecedented growth in the last few years - and we're just getting started. As the largest Independent Physicians Association in Santa Clara County, not only do we partner with the most health plans, but we're also the first Clinically Integrated Network in Silicon Valley. We deeply trust and value our dedicated physicians and employees who provide compassionate care to our 100,000+ patients every day. If you are looking for a rewarding opportunity with an innovative, collaborative, and inspirational team, join us at PMGSJ / Excel MSO, and help us continue to be trailblazers in the transformation of health care. SUMMARY Under general direction of the Senior Director of Information Systems, the Sr. Network Administrator is responsible for providing the leadership and hands on support for company-wide data and network infrastructure and desktop/application initiatives. This position emphasizes anticipating the future direction of the Information Technology industry and relating those changes to current and future infrastructural and organizational projects. Knowledge of the Managed Care industry is preferred and not required. ESSENTIAL DUTIES AND RESPONSIBILITIES Plan, organize, direct, and review the delivery of network and data infrastructure, cybersecurity, and VOIP services. Oversee system infrastructure operations, security management, user technical support, and production job schedules. Assist in the management of policy development and technology planning. Evaluate user needs and system functionality to confirm that systems meet the needs of individuals and projects. Ensure smooth operations of all IT systems and data security in the event of an internal/external attack. Understand and track applicable regulatory and reporting requirements. 
Provide users secure access to the network, appropriate support, and training. Conduct periodic audits (based on policies and procedures) to ensure compliance with regulatory, enterprise security, and HIPAA requirements. Prepare the IT organization's disaster recovery and business continuity plans, policies, and procedures. Administrate and manage all system databases to improve system efficiency. Work with CIO and senior management to determine and enforce network architecture strategies and standards. Identify issues, trends, and opportunities to improve efficiency, cost effectiveness, and/or quality; develop recommendations and implement solutions to identified issues and opportunities. Establish a stable performance environment by monitoring and analyzing problems. Ensure problems are identified and solved as rapidly and efficiently as possible. Provide and manage utilization and capacity monitoring of all networks, data storage, servers, and phones for management reporting and planning. Perform any other duties as required or assigned. SUPERVISORY RESPONSIBILITIES Manage IT infrastructure, support staff, and vendors. Recruit, interview, and hire new team members. Plan for equipment implementation and project expansion; coordinate and supervise new system installation. Set goals and plan, assign, and direct work accordingly. Appraise performance, reward and discipline employees, address complaints, and resolve issues. Provide regular and effective feedback to employees and complete timely and objective performance reviews. QUALIFICATIONS: Bachelor's degree in Computer Science, Engineering or, equivalent experience, training, or coursework required. Minimum 5-7 years of progressively responsible and direct work experience with the duties and responsibilities listed above required. Microsoft Certified Professional Certification highly desired. 
Minimum 5-7 years of hands-on experience working with network switches, firewalls, and cybersecurity system configuration required. Minimum 5-7 years of related experience with firewall concepts and deployment, DMZ layout, VOIP, infrastructure, network environments required. Minimum 5-7 years of network engineering, designing, planning, and implementing LANs/WANs infrastructure required. Minimum 2 years of cloud hosting experience required. Demonstrated experience with scripting and automation desired. Must be willing to pursue continued learning and certification related to emerging technologies, as applicable to the healthcare industry and business expansion. Excellent demonstrated data analysis skills, including ability to gather and analyze data, organize and design reports, and manage work efficiently. Working knowledge of computer applications such as Outlook, Word, Excel, and other Microsoft Office applications. Ability to plan, evaluate, prioritize organization information system needs. BEHAVIORAL REQUIREMENTS Demonstrate accountability and good judgment in providing guidance and making recommendations for organization information system needs. Maintain the confidentiality of passwords, security codes, and other system access codes. Maintain the confidentiality of patient and organizational data and information. LANGUAGE SKILLS Ability to read, analyze, and interpret general business information. Ability to write reports, business correspondence, and procedural manuals. Ability to effectively present information and respond to questions among groups of managers, clients, investors, customers, and the general public. We follow the SCC Public health guidelines for COVID-19.
09/14/2021
Full time
As the Business Information Security Officer (BISO) of S&P Dow Jones Indices, you will be the Cyber Security & Assurance primary point of contact for the division, responsible for the development, communication, compliance and governance of the divisional security strategy, roadmap and policies that are in alignment with the organization's overall security objectives This position will report to the CTO of S&P Dow Jones Indices Responsibilities Develop and maintain the overall Security strategy of the division Ensure that the division's technology (IT) priorities align with the overall Security strategy Acquire and manage leadership support and financial resources to support the Security transformation and governance priorities of the division Engage with the Global Information Security policy team as the primary point of contact for the division and ensure that division's Security policies and priorities align with those of the overall organization Manage and communicate the divisional Security roadmap Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with Cybersecurity policies Monitor and evaluate the effectiveness of the division's cybersecurity safeguards to ensure that they provide the intended level of protection Ensure that Security requirements specific to information technology (IT) systems are included in all phases of the system life cycle Engage with the CIRT team to properly address and manage cybersecurity incidents or vulnerabilities Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. 
Advise senior management on cost/benefit analysis of information Security programs, policies, processes, systems, and elements Establish a mature Security posture within the Division Experience/Skills: 5+ years in a senior Security leadership role 10+ years of experience working in a Security focused role in the technology or other technology heavy industry (e.g. Financial Services) Bachelor's degree in Computer Science, Information Systems, Engineering or a related discipline Certified Information System Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) certifications preferred Detailed understanding of IT risk and information security fundamentals, risk assessment and risk management fundamentals, modern networking technologies and IT security controls Working knowledge of: Cloud computing architectures and the associated security designs and challenges Common open source libraries and technologies (e.g. Kafka, Spark, Hadoop) and how to effectively harden them Common web application development technologies (e.g. Java, PHP, Python, etc...) along with tools and processes to enable teams to develop safely NIST security controls frameworks Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization's cyber objectives Ability to exercise judgment when policies are not well-defined S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment. 
If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person. The EEO is the Law Poster describes discrimination protections under federal law. 102 - Senior Management (EEO Job Group) (inactive), 10 - Officials or Managers (EEO-2 Job Categories-United States of America), IFTECH102 - Senior Management (EEO Job Group) Job ID: 255641 Posted On: 2020-12-15 Location: New York, New York, United States
01/21/2021
Full time
***If interested please send a copy of your resume to ***

Lead Information Security Analyst

Contract duration: 6-8 month contract to permanent
- Hours worked, hours paid while on contract
- No PTO or Paid Holidays during contracting period
Target Start Date: Classes the first week of September, October and November
Hours: Monday-Friday Regular Business hours
Clearance: Must be able to obtain and maintain a fully adjudicated secret clearance, can hold up to a Top Secret
Certification: IAT II or IAT III required prior to start date (Security+ CE, CCNA Security, CASP, CISSP, etc.)

Job Description: He/She is responsible for Cyber Security of Facility-Related Control Systems (FRCS). They will operate equipment and perform Computer Security Incident Response activities, coordinate with the customer to record and report incidents. He/She recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analysis of relevant event detail and summary information. They are responsible for safeguarding the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices. He/She will guarantee the safety of information systems assets, protect systems from intentional or inadvertent access or destruction and support with implementation of counter-measures or mitigating controls.

Duties:
- Appointed in writing by the Enterprise Information System Security Manager (ISSM) as the Information System Security Officer (ISSO) for the CE control system enclave.
- Responsible for creating and maintaining a complete and accurate FRCS inventory.
- Assist CES personnel with security control implementation and assessment.
- Register systems in eMASS with all necessary artifacts to attain Authority to Operate (ATO).
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analysis of relevant event detail and summary information.
- Assist with implementation of counter-measures or mitigating controls.
- Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
- Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- Ensure the safety of information systems assets and protect systems from intentional or inadvertent access or destruction.
- Perform Computer Security Incident Response activities, coordinate with teams to record and report incidents.
- Coordinate locally within local CE organization for CE FRCS owners
- Coordinate with teams for support of cybersecurity accreditation and protection.
- Maintain current knowledge of relevant technology as assigned.

Desired Education and Experience (every scenario is different):
- A bachelor's degree plus 3 years of recent specialized experience, OR;
- An associate's degree plus 7 years of recent specialized experience, OR;
- A major certification plus 7 years of recent specialized experience, OR;
- 11 years of recent specialized experience.

Desired Skills and Abilities: Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience in data security administration.

EEO Employer: Apex Systems is an equal opportunity employer.
We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or - provided by Dice
09/28/2020
Full time