Role Name: Senior Security Engineer with audit
Location: Connecticut State, CT (Onsite)
Role Description:
o Good understanding of audit requirements
o Risk management processes and ability to foresee gaps in the processes and identify mitigation plan
o Enterprise level understanding of Compliance requirements from various States & Federal agencies
o Deep understanding of popular industry frameworks – Basic knowledge related to Information Security in a regulated environment (OCC, FDIC, Fed Reserve, CFPB, FFIEC, ISO 27001 standards / SIG framework etc.)
o Results-driven, analytical problem-solver with extensive experience in identifying Information Security Risks and developing cost-effective solutions to meet business requirements.
o Working experience in IT General Controls: designing the controls and evaluating their effectiveness
o Exposure to any of the GRC tools and management of controls using the tools
o Perform vendor documentation review and analysis
o Assess current business practices and identify opportunities to promote effective third party risk management
o Document and report risk to Vendor Assessment management team, business partners, and vendors
o Perform onsite assessments of vendor facilities
o Review completed SIG questionnaires based on vendor inherent risk
o Document risks and recommendations based on a vendor's lack of controls
o Identify and measure risk associated with vendor security controls
Non-Technical:
o Communication – Must have excellent communication skills (English)
o Managed services – experience working with customers directly and ability to understand the requirements
o Communication - Ability to communicate Up, Down, and Across All Levels of the Organization and Technical Backgrounds
o Detail Oriented - Good Understanding of Risk Management Frameworks
o Analytical, Self-motivated - Critical thinker who can analyze and identify basic indicators of compromise on hosts and applications
o Interpersonal skills and Professional demeanour - Respond to customer inquiries in a timely manner, guiding and advising customers on security best practices in a friendly customer facing manner
o Problem-Solver - Processes tactical mitigations based on results of analysis and determination of threat validity