Information Security and IT Risk Engineer in New York, NY at Open Systems Technologies

Date Posted: 10/19/2019

Job Snapshot

Job Description

A prominent financial services firm is currently seeking an Information Security and IT Risk Engineer to join their team in New York, NY.


  • Focus on cybersecurity solutions and ways to protect the firm from virus and malware vulnerabilities
  • Develop and maintain IT Risk log analysis solutions, including data collection and aggregations, data normalization, and reporting
  • Review and analysis of long-term comprehensive security data from a wide variety of sources
  • Assist with project management and be responsible for the development and management of ongoing Information Security and Corporate Governance training programs
  • Following established guidelines and identifying and resolving problems
  • Contribute to workflow or process change and redesign, and to form a strong basic understanding of the specific product or process; May also be accountable for regular reporting or process administration as owner
  • Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements
  • Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes
  • Ensure that the IT systems are compliant with applicable regulations, group policies, codes and industry guidance
  • Assist in implementation of controls, where gaps are identified
  • Collate and quality assure data provided to other departments, such as Risk Management and Internal Audit
  • Review security event log data and investigate anomalies
  • Perform monitoring activities and risk assessments
  • Respond to, and where appropriate, resolve or escalate reported security incidents
  • Management of security related events and tracking of remediation process
  • Implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed
  • Develop and maintain documentation for security systems and procedures and processes. Develop security awareness training for new employees
  • Participate in information security working groups
  • Perform testing to evaluate new products for network and system security controls
  • Maintain logging and monitoring standards, technical investigative techniques and reporting
  • Maintain project scheduling and task follow on security initiatives


  • Must have at least a Bachleor’s degree
  • 7+ years of relevant experience
  • Strong expertise with the following technologies and solutions:
    • Cybersecurity solutions and protection
    • Identity and Access Management
    • Endpoint Security
    • Privileged Management
    • IT Risk Assessments
    • IT Risk and Security Training
    • Next Generation Firewalls
    • Next Generation End Point Detection
    • Vulnerability Scanning
    • Threat Hunting
    • Web and Email Security
    • GRC
    • System vulnerability tools
    • Security monitoring tools
    • Application security risk assessment tools
  • Performing gap analyses within different environments coupled with an in depth understanding of regulatory guidelines as well as standards and best practices related to ISO and NIST
  • Able to follow priorities set by management
  • Strong ability to deliver on time
  • Strong ability to deliver quality
  • Ability to multi-task and work on several projects at the same time
  • Ability to translate business requirements into technical solutions
  • Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation
  • Strong ability to recognize and remediate issues within the internal infrastructure
  • Ability to communicate information security concepts across a broad range of technical & non-technical staff
  • Good influencing, relationship and stakeholder management skill
  • One of the following certifications is a plus - SSCP, CISM, CISA, or CISSP
  • Weekend and night work may be needed at times based on project, support, and business needs
Job keywords: