Senior Engineer - IT

Security, Risk and Technology

• Strong knowledge of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, State Privacy Laws, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws. Ability to relate these regulations back to security controls.
• Understanding and application of information security standards and best practices including NIST Cybersecurity Framework, ISO 27001-4, CoBIT, Cloud Security Alliance, etc.
• Ability to identify risks, quantify them, and help recommend and design mitigations.
• Broad knowledge of Unix, Linux, Windows and mainframe server environments. Knowledge of various database platforms.
• Strong knowledge of best practice processes and technologies across security domains especially related to identity and access management, network security, logging and monitoring.
• Knowledge of at least one cloud services platform (Amazon Web Services, Microsoft Azure, Google
• Cloud or Oracle Cloud)

Education / Experience:

• Security, compliance, audit or risk covering a wide area of technologies and security domains including those previously mentioned.
• Financial industry or highly regulated industry background (Insurance, Banking, etc.)
• Project work experience with a recognized security, audit, or risk consulting firm a plus
• CISSP, CISA, CISM or other security/control certifications a plus.
• Bachelor’s degree or higher – preferably in Computer Science, Engineering, or a related scientific fields

Communication

• Excellent verbal and written communication skills
• Ability to develop and QA/oversee development of high quality project artifacts
• Ability to collaborate, influence and communicate successfully in different ways concisely to different audiences (i.e., in business terms to business people, in technical terms to technical people)
• Able to develop and present dashboards

Engagement

• Proven ability to engage with customers (IT and Business) and consultants in a highly professional and competent manner.
• Understanding and experience with project life cycles using proven methodologies – from analysis through implementation with hands-on deliverable development.
• Ability to work in a matrix reporting environment
• A practiced ability to influence peers, customers and project teams to make security minded decisions and changes
• Ability to scope projects, developing project charters, requirements, documenting issues and work plans, vendor selection, product/process design and implementation, change management/communication a plus.

This position can be based in any of the following locations:

For internal use only: