Head of Security Engineering (Leading Banking Institution)
Our client, a leading banking institution, is looking for a Head of Security Engineering to join their growing team.
25th October, 2019
Location(s): New York, NY; Jersey City, NJ; Boston, MA
Job Synthesis & Description
Our client, a world-class bank, is currently recruiting a Head of Security Engineering to join their Cyber Security organization. The Cyber Security Engineering Head will be responsible for leading the implementation of security configuration standards (hardening standards) across the firm and providing insight to management on the status of remediation.
In this role you will primarily be responsible for:
Strategic road-map of security configuration standards (security hardening standards), raising the level of protection year on year.
Raising awareness and providing advisory on the implementation of security configuration standards.
Manage the evaluation of security configuration adherence across all infrastructure components.
Provide advisory on the implementation of additional security hardening.
Develop effective procedures/controls to reduce security configuration risks across different technologies.
Provide security engineering and architecture support on new controls.
Some of your additional responsibilities include:
Security Configuration Standards
Based on a review of vendor recommended security standards, as well as industry, recommended standards, define the roadmap for the evolution of the Firm’s security configuration standards.
Provide tactical and strategic direction to the infrastructure teams on how to implement the security configuration standards (including automation options).
Be the first point of escalation for any conflicts on system parameters and applications and identify alternative controls or configurations.
Support technical reviews of risk exceptions.
Lead technical discussion around security the security configuration standards with various non-technical and technical parties.
Security Configuration Evaluation Program
Responsible for the ongoing testing of the adherence to security configuration standards across all platforms.
Manage configurations of tools and escalation of the identified security configuration gaps.
Lead resolution discussions with application, database and operating system platform owners on the remediation vulnerabilities.
Manage Security Configuration Reporting
Develop an operational support plan for the sustained success of the program – including KPIs and KRIs, training and development of security analysts and identify process improvements.
Enhance the firm’s security configuration identification program
Provide oversight and guidance over the firm’s security configuration activities.
Security Architecture Support / Security Engineering Support
Collaborate with security architects, development, network, server and web teams assess security weaknesses and provide prevention and detection recommendations for cyber threats.
Understand and Implement developing regulatory guidelines in regards to security configuration and hardening.
8+ years’ of relevant experience in two or more of the following areas: Network security management, Web application security management, Vulnerability & Patch management, Designing and Operating enterprise security controls, Malware analysis and remediation, Security Incident Response Management and Penetration Test/Red Team