Senior Information Security Engineer

About the Role:
Our Cybersecurity team is looking for Senior Information Security Engineer to join our Data Loss Prevention Team.  This role will support DLP Program within the bank to support DLP monitoring and DLP policy management across different environments and provide consultation on improvisation of the program through identification of gaps and recommend policy tuning. This role will also include monitor, analyze, review, reporting and readiness of DLP key controls, will also closely work with the team on development, analysis, and review of leadership reports.

Responsibilities:
 

• Participate in identification of security risks companywide and ensure that appropriate data security procedures and DLP rules are implemented properly.
• Update DLP Rules, processes and procedures
• Design DLP rules and implement techniques to prevent risky user behaviors in partnership with security, investigative partners, business groups and other stakeholders.
• Assist with inquiries from risk partners, Internal Audit and regulatory bodies on EDLP controls and procedures.
• Assist with stakeholder requests for net-new and enhancements to existing solutions.
• Maintain an awareness of bank security policies and government regulations pertaining to information security.
• Provide information security consultation to improve awareness and compliance with Enterprise Information Security policy, processes and standards.
• Perform remediation of security assessment review issues, complex ad hoc data, and reporting to support information security risk management
• Provide guidance and direction in reviewing assessment findings and mitigating controls to optimize information security.
• Provide advanced data aggregation and data of information security risk exposure.
• Review draft and proposed control standards for business impact and recommend modifications or clarifications as required.
• Conduct security control testing and consultation with stakeholders.
• Evaluate and interpret internal and Enterprise Information Security policies, processes and standards, and provide recommendations to improve them.
• Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals.

Essential Qualifications

• A bachelor’s degree in information systems, Computer Science, Engineering and/or other related discipline or equivalent experience
• 8+ years of progressive experience in implementation of Data Loss Prevention solution
• 5+ years’ experience in Data Loss Prevention in policy creation, tuning and testing
• 2+ years’ experience in any one of SIEM tools (e.g. QRadar, ArcSight, LogRhythm, SPLUNK)
• Experience in Creating new DLP/Cloud Policies across Iaas, Paas & Saas.
• Strong experience in policy management like fine tuning of policies and false positives and creating new policies based on requirements and business demands.
• Experience working with cloud DLP security and cloud access security broker (CASB).
• Proven experience in internal audits, evidence preparation and gathering
• Knowledge and understanding of cloud computing and Office 365
• Ability to prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment
• Knowledge on industry cybersecurity standard frameworks (e.g. NIST)
• Ability to present reports to and interact with senior leaders
• Strong hands-on skill with MS Excel, Power point
• Excellent communication and documentation skills with good attention to detail
•  

Desired Qualifications

• Industry recognized certifications like CISM, CISSP, ITIL or any other Security related certifications
• Knowledge of Security Configuration for various platforms/servers
• Good understanding of networking concepts like ICMP, DNS, TCP/IP, DHCP, traceroute.
• Good understanding of threat, vulnerabilities, attacks and countermeasures
• Understanding of OWASP and Vulnerability management