A leading global financial institution and services company, providing a broad range of innovation and collaborative solutions for cultivating environments and driving technology focused applications, resources and products in digitizing workflows and new strategies for their markets and clients.
Led by the Chief Information Security Officer (CISO), Technology Risk secures the firm against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA.
Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and controls. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
Key Roles and Responsibilities:
- In this role, you will be providing oversight, project planning and resource management for security initiatives established by the firm across cross functional teams, as well as identifying opportunities for process improvement
- The ideal candidate should have 3+ years of prior TPM experience and relevant education.
Functional Background & Experience:
- Serve as the primary liaison between the security testers and developers
- Develop and execute project plans coordinating with application and security teams across different functions
- Support resource planning, utilization tracking, project management, ticket management and timely execution of key initiatives
- Drive implementation reviews – setup kickoff and finding read-out calls, send daily updates, enforce lead times, and escalate environment/access issues
- Review security assessment reports from pentest and code review engagements and remove false positives
- Help moderate the finding discussions between testers and developers/architects. Articulate risks in technical and layman’s terms
- Drive long-term risk remediation projections – tracking, coordinating and reporting to key stakeholders across multiple cross functional teams
- Collate content for weekly updates to senior management on key accomplishments and risks. Maintain ticket dashboards and diligently follow-up to close tickets with necessary evidence/documentation
- Production release blocking/approval based on completion of key engagements and risks identified
- 3+ years’ experience as a TPM in one or more technical roles (focusing on application security
- Familiarity with common cloud services, recommended security best practices – AWS is preferred
- Deep understanding of most common Application Security vulnerabilities – e.g., OWASP Top 10 and cloud security gaps
- Knowledge of common security standards such as OWASP top ten, NIST and Sans top 20
- Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks)
- Understanding of common security protocols – OAuth, SAML, OIDC etc.
- Good written and oral communication. Excellent problem-solving skills
- Individual should be a self-starter, who can execute projects from inception to completion with very minimal guidance
- Knowledge of application, cloud and information security risks
- MS. in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security
- Prior work experience as a pentester or managing bug bounty programs
- Relevant security certification such as CISSP, CISM, AWS Architect Associate, CEH, OSCP etc.