Senior Information Security Risk Analyst

Job Title: Senior Information Security Risk Analyst
Job ID: 27405776
Location: New York, NY 10017
Description

WHO WE ARE

Cloud9 Technologies is a voice communication and analytics platform for institutional traders. We leverage cloud services including AWS, a wide array of web services, WebRTC, and advanced deep learning techniques to give firms the benefit of modern communication tools and to enhance trader workflow with actionable voice data and analytics.

Our company was started in 2014 by a team of motivated entrepreneurs and highly successful industry veterans who have started several businesses and taken multiple companies through public offerings. We are well funded, with investors including J.P. Morgan, Barclays, NEX, and Point72 Asset Management. Cloud9 has been profiled in publications such as the Wall Street Journal, Forbes, and Waters Technology. Our award-winning technology was named the 2017 Best Sell-Side Trading Communication System by Waters Technology for the second year in a row, recognized in the Top 10 innovative solutions of the year by the Futures and Options Industry Association, and named to the CB Insights Fintech 250 and the FinTech Global RegTech 100.

By bringing together an experienced group of engineers, product managers, and industry experts, Cloud9 developed a communications platform for the trading floor of the future – offering more functionality and analytic insight than legacy hardware at a fraction of the cost.  We’re a group of pioneers who enjoy solving challenges and building disruptive technology – and we’re looking to hire the best and brightest.

Join our team to contribute to the development of the most secure, compliant, and reliable communications platform in the financial services industry.

WHAT YOU WILL DO

To comply with various organizational policies, client contractual obligations and regulatory mandates related to Information/Privacy, Cloud9’s Information Security and Compliance department is implementing a new Information Security Program and Risk Management framework based on well-known information security standards and frameworks such as ISO/NIST. The framework includes requirements for regularly assessing information risk and facilitating remediation of identified vulnerabilities within the organization’s network, systems, and applications.

Cloud9’s Information Security and Compliance department requires a dedicated resource to perform regular Risk and Vulnerability Assessments utilizing various IT Security Tools and Methodologies and to report on findings and recommendations for corrective action.

As a Senior Information Security Risk Analyst, this resource will be responsible for assessing information risks, identifying opportunities for reducing risk, and facilitating remediation of identified vulnerabilities within the organization’s network, systems, and applications. Perform regular Risk and Vulnerability Assessments utilizing various IT Security Tools and Methodologies and report on findings and recommendations for corrective action. Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios. Facilitate and monitor performance of risk remediation tasks and changes related to risk mitigation, and report on findings. Maintain oversight of IT and vendors regarding the security maintenance of their systems and applications. Provide regular status reports, including metrics and outstanding issues. Assist in all internal and external audits and regulatory examinations.

RESPONSIBILITIES

  • Provide oversight and governance of the organization’s Information Security/Cyber Security Program and communicate progress and issues to Senior Management.
  • Initiate and develop innovative concepts to solve complex challenges with little or no precedent; create new opportunities to enable the use of new solutions. Serve as a consultant to disseminate specialist information security knowledge and provide conceptual guidance to other senior and high-level technical experts.
  • Develop and implement an effective Threat and Vulnerability Management program.
  • Research and investigate new and emerging vulnerabilities, including 0 Day events, and participate in external security communities.
  • Develop an externally focused view of the evolving threats facing the organization.
  • Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
  • Serve as primary contact for all internal and external audits and regulatory examinations.
  • Serve as project manager/lead within IT security projects.
  • Examine systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
  • Identify risks which might occur.

THE RIGHT BACKGROUND

  • 7+ years working in IT Risk Management
  • Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
  • Required: deep knowledge of well-known standards and frameworks (e.g. ISO 27002, NIST Cybersecurity Framework, COBIT, COSO, GDPR). Additionally, knowledge of rules and regulations related to information/cybersecurity (e.g. DFS, FRB, FFIEC).
  • Required: 7+ years’ experience in conducting IT Compliance Assessments (e.g. DFS, FFIEC, ISO, SOC)
  • Required: 7+ years’ experience in administering IT Security Controls in an organization
  • Required: 7+ years’ experience in performing security reviews and risk assessments
  • Understanding of malware, emerging threats, attacks, and vulnerability management
  • Experience assisting the development and maintenance of tools, procedures, and documentation
  • Prior experience working within a financial services organization preferred.

Education

  • Required: Bachelor’s Degree from a four-year college or university in Engineering, Business Administration, Computer Science, Management Information Systems, or Information Security.
  • Required: CISSP, CISA, CRISC
  • Optional: CSSLP, CISM, CEH