Our client, one of the largest financial services firms, is seeking a Mobile Apps Security Lead.
Location: Ohio, Florida, Irving TX, New Jersey/New York, NY
Position Type: Full Time
Actively executes the IS program elements and other plans developed by the Business, or as applicable.
Assists the business in the completion of the IS Risk Assessments and other IS-related compliance processes, ensuring that they are understood, that appropriate controls are embedded in the day-to-day operation, and that remediation of non-compliance is documented and addressed.
Responds to security events by initiating and coordinating emergency actions to protect the Business unit and its customers from an imminent loss of information or value
Provides IS security advice to the business managers and staff
Reports IS issues to the Business as applicable with appropriate documentation
Coordinates the capture of IS key indicator metrics for reporting to the Business as applicable.
Implement security solutions according to Security Policy and Practices established by our client.
Ensure the business complies with the applicable requirements of the Information Security policies.
Continuously review and modify as applicable information security practices and procedures.
Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.
Manage the Risk Assessment process to include asset inventory, system criticality, data classification, threat analysis and action plans.
Provide guidance preparing for audits, resolving audit findings and ensuring closure.
Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
Perform Vendor Security Questionnaires and/or Vendor Onsite Security Reviews.
Guide the business in development of action plans while reporting and tracking to closure all information security issues resulting from Self-Assessment, Audit, Risk Assessment, Ethical Hacks, Vendor Reviews, etc.
Facilitates awareness and training programs as specified by the Business and as applicable
Work with the IS peer teams to develop, coordinate and implement a robust Security Awareness & Training program.
Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to the business unit.
Manage an aggressive program to promote employees' awareness and understanding of Information Security Policy, Standards & procedures.
Distribute information security awareness materials and publications appropriately within the business.
Conduct annual Security Awareness Days.
Tailor and deploy training materials, providing training sessions as necessary.
Track and report status of all required training sessions and awareness initiatives.
Build relationships with the International Business Heads and Senior Management teams.
Frequently interact with, and educate, the Business Heads and their Senior Management teams on current issues and overall status of the information security program.
Help drive best practices between organizations and countries.
Identify key business contacts to ensure adequate coverage for the business' security program.
Maintain a relationship with internal and external auditors.
Meet regularly with business and technology managers.
Attend Business Information Security Officer (BISO) meetings.
4 - 7 years' experience in Information Security. Knowledge of software/solution development/delivery methodologies, mCommerce/eCommerce and mobile/LAN/WAN infrastructure preferred.
Ability to manage and prioritize responsibilities through the effective use of time management and organizational techniques. Must be able to apply analytical skills to improve performance of all security associated projects and initiatives. Must have strong planning and organizing skills and the ability to work well with seasoned and inexperienced team members.
Must be flexible and be able to manage several projects simultaneously. Must be able to work through cross-departmental situations, track performance, communicate expectations, anticipate and recognize problems, and escalate when appropriate.
Ability to interact and communicate, both in writing and verbally, with the Business Head and their Senior Management team. Have capacity to communicate with both the Business and the Technology groups to effectively facilitate issues and requirements. Strong written skills are required in the documentation of policies, procedures and standards as they apply to security. Must be able to help motivate team members and project owners to successful completion of required projects.
Ability to create metrics, presentations and other documents as needed.