Cybersecurity Engineer / Analyst @ New York City, NY (Hybrid)

Position: Cybersecurity Engineer

Location: New York City, NY (Hybrid)

Duration: 6 12 months

Job Function: Metric Design and Architecture (Technology / Cybersecurity controls)

Job Description: The Continuous Controls Monitoring (CCM) team is part of Technology Controls Group, within the Technology and Operation Risk organization.

The objective of Continuous Controls Monitoring (CCM) program is to provide a structured and consistent process to enable near real-time monitoring of Technology Policy Control implementations across the firm, identify control failures and respond to them. Technology controls ensure the confidentiality, integrity, and availability of the Firm's data, infrastructure, and systems in on-premises and off-premises (cloud) environments. CCM provides continuous visibility into control weaknesses and demonstrates compliance with laws, rules, and regulations.

The successful candidate will join the Continuous Controls Monitoring (CCM) team and be part of the Metric Design & Architecture team. Metric Design is one of the core components of CCM which quantifies and reports on the implementation correctness and/or operating efficiency of Technology controls. The Metric Design & Architecture team translates Technology Policy controls into clear and specific Metric definitions which identifies the implementation details, tools, evidence, metrics formula, etc. for data acquisition, analysis, and reporting of Control effectiveness. The team works closely with Control implementors, product owners, architects, and engineers.

Specific role responsibilities include:

• Establish and document Control metric definition for Technology controls by engaging with various Stakeholders, understanding processes, and analyzing data for accurate measurement.
• Engage with Technology Policy team to ensure Control Measurement/Metric requirements are met through Policy design/update process.
• Partner with various Metric consumers to establish Reporting framework meeting their requirements.
• Partner closely with CCM Data acquisition and tooling team for successful implementation of metrics.

Required Skills:

• 5 years of experience in information security and/or information technology
• 2 years hands-on experience with technology or cybersecurity control implementations
• Ability to define metrics / Key Control Indicators to show control implementation completeness
• Strong business acumen and a strategic mindset
• Experience working with and understanding the needs of customers or clients
• Strong interpersonal skills, to interact at all levels and be effective as part of a broader team
• Ability to manage expectations and handle high-pressure situations with the tight deadlines
• Proven analytical skills decision-making ability based on quantitative and qualitative data

Skills Desired:

• Knowledge of various domains of Technology control / Cybersecurity
• Knowledge of Public cloud technology
• Knowledge of security concepts and tools around Identity & Authentication, Data Security, System Security, Network Security, and Application Security
• Knowledge of security logging, monitoring, and incident response
• Cybersecurity certifications are preferred