The security operations team is responsible for ensuring that the confidentiality, integrity and availability of the organization is not impacted. We are seeking a security professional who understands the technicalities of a security incident, but also oversee the governance of various security standards, policies and procedures. Exposure to industry standards like NIST and experience on regulations such as NYDFS are highly desired. The Senior Security Analyst work with auditors, investors, and regulators to ensure that PHH Mortgage is in compliance with their requests and needs.
Job Functions and Responsibilities:
- Implement and Manage Security Tools.
- Investigate suspicious activities, contain and prevent them. Correlate and validate alerts. Contextualize these events within the network environment of the business, and coordinate response activities with key staff in real time.
- Investigate security breaches and other cybersecurity incidents. Document security breaches and assess the damage they cause.
- Understanding of security technologies including Anti-Malware, EDR, Web Security, SIEM, IPS/IDS, Firewalls, Threat Intelligence etc.
- Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley, GLBA, NYDFS, CCPA, FFIEC, NIST and ISO 27001/2 highly desired
- Experience conducting security control assessments or audits. Participating in Internal and External audits.
- Strong oral and written communication skills
- Ability to maintain security documentation and manuals
- Must have strong analytical and critical-thinking skills
- 4-6 years of progressive experience in one or more of the following: internal/external IT and business process auditing, sourcing advisory, vendor management roles
- Bachelor's degree in Computer Information Systems or a related field or applicable work experience.
- Preferred Certifications
- ISO/IEC 27001 Lead Implementer
- Certified Information System Auditor (CISA)
- Certified Ethical Hacker (CEH)
- Demonstrated experience in conducting Risk Assessments for Vendors, Internal and External stakeholders
- Experience in Information Security or demonstrated knowledge on Information Security Operations
- Demonstrated experience in a multi-vendor environment