Job Details – this job has expired, please see similar jobs below
The Sr Security Consultant is responsible for providing security consulting to technology teams and business units for cybersecurity readiness across the technology stack (applications, databases, operating systems, middleware, network, and storage).You will assist Technology Advancement Group (TAG) in aligning security management strategy with business goals including leading technical discussions, guiding the development of strategic and tactical security architecture and control efforts for traditional (i.e. on-premises) and evolving (i.e. cloud-based) security architectures, and enable a pathway to shift left and build automation.
Collaborate and act as a security advisor to all technology groups when new technologies and/or business needs are identified.
Perform security threat modeling including analyzing and documenting security controls for internal and cloud technologies to ensure compliance with documented and approved security policies and standards.
Collaborate and work with the relevant technology team(s) to identify solutions to security control gaps, process improvements (control automation) and/or facilitate the risk acceptance process as needed.
Understand the interactions between systems, applications, and services within the environment, and evaluate the impact of security changes or additions.
Ability to review and as needed document reference architectures, network schematics, blueprints, patterns, and other types of security architectural documentation.
Ability to prioritize and manage multiple engagements and deliver quality security assessments within expected timeframes. Proactively keep the IT GRC Manager abreast on work progress and deliverables.
Maintain working knowledge of the current security environment and industry trends to identify security control issues, communicate this information to the respective technology engagement team through written correspondence and verbal presentations.
Maintain working knowledge of cloud delivery, security and service deployment models for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) offerings.
Engages Architecture, DevOps and Engineering to ensure that overall Azure Architecture is inclusive of all stakeholder viewpoints and are vetted to ensure that artifacts support, reflect, advance and integrate as intended.
Bachelor’s degree preferred in computer science or equivalent
Required certifications: Type: CISM or CISSP. Microsoft Azure or cloud security related certifications will be a plus.
8+ years of experience in or a combination of information security consulting, IT audit, or information technology operations.
3-5 years of experience in evaluating security controls relative to information security frameworks such as ISO 27002, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).
Minimum of 3 years as a security architect or consultant with increasing levels of responsibility.
Experience and working knowledge of key cloud security standards (e.g., NIST, CIS, ISO, CSA STAR).
Experience and working knowledge of good industry practice in tiered security architecture design. Demonstrated understanding of information security concepts including: encryption, access controls, network security, security operations, security architect, threat modeling and design.
Knowledge of applicable regulatory requirements including FFIEC, PCI DSS, GLBA CCPA, and HIPAA.
Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.
Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
Experience in or Knowledge of a scripting language preferably Python or PowerShell.
A strong understanding of DevOps principles.
Experience working in the public cloud infrastructure and ability to learn new technology including associated security risks and controls.
Physical Requirements and Working Conditions
Lifting up to 10 pounds.
No relocation is offered.
We do things a little differently here at Company. Our retail stores serve as community hubs, our associates are given up to 40 hours of volunteer time each year, and we're never satisfied with the status quo. It's no wonder we've made "Fortune's 100 Best Companies to Work For" eight years in a row. But greatness has no finish line, so we continue every day to keep people at the center of everything we do. We focus on building relationships, understanding our customers' needs and connecting to people in new and innovative ways -- always staying true to our mission of providing personalized banking for all people, whenever and however they prefer to bank.
Company is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, protected veteran status, or disability. We maintain a drug-free workplace and may perform pre-employment substance abuse testing.
Sign up and search through 44,267 curated jobs in the Finance & Investment Edition: