Collaborate with the team to collectively respond to client information security assessments
Engage with clients to discuss assessment findings, address questions or concerns, and provide guidance and support during client assessments
Document client assessment responses to support processes and commonly asked questions
Document and respond to the shared assessments SIG (Standardized Information Gathering) questionnaire for external client assessments
Familiarity with information security policies, procedures and standards to support client assessments
Review and action alerts from Security Rating Tools used to monitor SYF security posture
Support identification of process improvements and implementation of changes
Maintain clear and open communication with key stakeholders throughout the assessment process, including client representatives and internal teams
Continuous Improvements: Obtain feedback from clients and internal teams to identify areas for process improvement, refine assessment methodologies, and enhance the quality and value of future client assessments
Perform RCSA (Risk & Control Self Assessments) against organization policies, standard controls and regulatory control frameworks
Work collaboratively with all teams in InfoSec to gather evidence from their processes in support of documenting and validating the assurance of RCSA controls
Report any control violation findings through the organization's risk management framework or model
Support administrative and maintenance tasks associated with GRC and SRS tools (Black Kite)
Evaluate and communicate security risks and solutions to business partners and IT management/staff
Support risk management special projects, e.g. External Outbound data, etc.
Requirements
Bachelor’s Degree in Computer Engineering or related field, with a minimum of 2 years of experience in Information Security OR in lieu of the Bachelor's degree, a minimum of 4 years of experience in Information Security.
Minimum 2 years of experience conducting security risk assessments
Good understanding of IS Risk Management Concepts
Good understanding of IT related US Banking regulations & industry best practices (IT SOX 404, NIST, PCI DSS, HIPAA etc.)
Excellent interpersonal skills with ability to influence team members, management & external groups
Self-motivated & able to work independently or in a team environment & work with virtual teams
Good understanding of foundational cloud security concepts