Lead Senior Information Security Analyst
Current
• Create processes for technical SMEs to adhere to security policies and regulatory requirements
• Develop security control documentation related to cloud, IAM, firewalls/network, data encryption, endpoint security, and compliance/regulatory adherence
• Identify vulnerabilities, evaluate associated risks and develop actionable solutions
• Monitor and analyze third-party, application code, regulatory, compliance, and vulnerability security metrics
• Lead security risk assessments to ensure compliance with regulations and enterprise security policies
• Lead cybersecurity vendor/third-party risk and compliance assessments
• Assess new/existing security designs, and emerging security and operational technologies
• Lead security audits of applications, infrastructure, and vendors/third parties
• Execute the Technology Risk Management Strategy for internal and external cloud capabilities
• Recommend improvements to current control effectiveness based on the evolving threat landscape
• Identify opportunities for common solutions across the enterprise, collaborating within the business, architecture and development communities
• Provide security recommendations on cross-domain systems, business strategy, goals and processes
• Develop security policies, guidelines, practices, processes, templates, and reporting metrics
• Determine technology risk levels and control weaknesses, and evaluate the risk of solutions not meeting requirements
• Create and review mitigation and remediation plans, and provide advice on mitigation effectiveness
• Audits for OCC/FED/FDIC, PCI 27001-29100:2011, SOX, ISO and GLBA
• Risk assessments and frameworks – NIST 800, CSA, PCI DSS, SOC 1/2 (TSC) Type I/II
• Team Lead of risk assessment team
• Review SOC, Nessus, SIEM, and other cybersecurity logs and dashboards
• Ensure all Security and Infrastructure projects are completed on time, within scope, and on budget
• Engage with and manage expectations of all stakeholders involved in projects