Information Security Analyst

Our client is a well-known financial services organization whose mission is to create a better informed and more efficient financial market. They are actively seeking an Information Security Analyst to join their team. The ideal candidate has experience with risk assessment, regulatory compliance, as well as documenting and implementing security policies and procedures. This is a fantastic contract opportunity that offers a mostly remote schedule, and we are looking to fill the position as quickly as possible.

Responsibilities:

• Review, update, and enhance all relevant policies and procedures to ensure the company’s compliance with SEC Regulation SCI and ISO 27001 requirements.
• Develop and implement new policies as needed to address emerging security threats and regulatory changes.
• Assist with organizing and running external risk assessments, ensure proper documentation of identified risks, develop risk mitigation plans and follow through on their implementation.
• Implement continuous monitoring strategies with regular reports to senior management.
• Enhance and implement procedures for reviewing access authorizations, especially during personnel transfers and third-party engagements.
• Enhance controls around privileged system accounts and administrative access.
• Conduct regular audits to ensure access controls are effective and compliant.
• Enhance and formalize incident response plans, including regular testing and integration with other organizational plans.
• Enhance business continuity and disaster recovery plans, ensuring detailed procedures and roles are defined.
• Implement data loss prevention controls and encryption protocols.
• Help improve policies for data classification, retention, and destruction.
• Conduct regular audits to ensure data protection measures are effective.
• Maintain a comprehensive security awareness training program, including insider threat and incident response training.
• Update training content to address new threats and compliance requirements.
• Establish and enforce security requirements for third-party vendors.
• Conduct periodic assessments of vendors and review of applicable CUICs – Complimentary User Entity Controls.
• Enhance and implement a comprehensive GRC framework that integrates governance, risk management, and compliance activities across the organization.
• Ensure alignment with industry standards and regulatory requirements and facilitate regular GRC audits and assessments to identify and mitigate potential gaps.
• Assist with maintaining the firm’s security tools and daily processes such as security reviews, applications approvals, and change management approvals.
• Help manage security information and event management (SIEM) systems to monitor network and system activities for signs of security breaches.
• Ensure timely detection and response to potential security incidents.
• Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses.
• Assist with the response to security incidents, including investigation, containment, eradication, and recovery.
• Maintain detailed incident logs and conduct post-incident reviews to improve response processes.
• Provide regular reports to senior management on security posture, incident trends, and areas for improvement.

Qualifications:

• Bachelor's degree in Information Security, Cybersecurity, or a related field; Advanced degree preferred.
• Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer are highly desirable.
• At least 5 years of experience in cybersecurity, information security, information technology, engineering, risk management, compliance or a related field, preferably within the financial services industry.
• Demonstrated experience with regulatory compliance such as SEC Regulation SCI requirements.
• Proficiency with ISO 27001 standard, CIS Benchmarks, risk assessment methodologies, and implementation of security controls.
• Proven successful track record of developing, documenting, and implementing security policies and procedures.
• Experience in incident response, business continuity planning, capacity planning and stress testing.
• Demonstrated expertise in managing third-party vendor relationships, including conducting security assessments.
• Familiarity with data protection and encryption technologies.