JOB PURPOSE:
Analyzing threat trends and anomalies to determine operational impact and identify potential mitigation strategies. Develop skills in identifying and escalating security defects or vulnerabilities and begin to address security issues with customers and partners in a timely manner. Additionally, contribute to analysis reports and communicate findings and recommendations to decision makers, enhancing your problem-solving and communication abilities. . Oversee and lead the module through planning, estimation, implementation, monitoring and tracking.
KEY RESPONSIBILITIES:
- Experience working internally to deliver a SOC 2 certification, working with internal stakeholders to evidence controls and interfacing with external auditor.
- Experience working with virtual server and desktop environments such as VMware and Citrix.
- Familiarity with security frameworks such as NIST800, CIS, ISO27001.
- Industry recognized technical certifications are desirable (CISSP, CCSP, CompTIA Security+, GIAC security essentials).
- Familiarity with security and privacy regulations impacting financial services such as SOX and GDPR.
- Excellent written and verbal communications skills.
KEY COMPETENCIES:
- Over 8 + years of experience in software development lifecycle, large scale computing, modeling, cyber security, anomaly detection (enterprise experience).
- Support the delivery of projects for ISG and the broader GTO function.
- Act as a technical SME regarding SOC 2 assessments and security control framework.
- Support Federated Hermes’s SOC 2 assessment, working with internal stakeholders to evidence security controls in operation.
- Work with stakeholders across GTO to review and update Federated Hermes’s security controls framework in line with recent changes to NIST and CIS controls.
- Co-ordinate stakeholders across GTO to disseminate assessment findings and coordinate remediation.
- Work closely with project managers on outlining key tasks, refining delivery plans.