Senior Security Analyst, Boston, MA or potentially remote Apply Type Direct Hire ID j-970 Posted Sep 15, 2020 Senior Security Analyst, Boston, MA or potentially remote Compensation Commensurate with experience, bonus, benefits, EOE, diverse highly educated culture Candidates must be a U.S. citizen or national, refugee, asylum, or lawful permanent resident. Unfortunately, Visa candidates will NOT be considered for this role: Our client is a global financial technology firm that enables businesses of all sizes to harness the power of bleeding edger blockchain technology for global payments, commerce, and financial applications worldwide. Our client’s platform has supported over 100 million transactions worth tens of billions of dollars, with nearly 10 million retail customers, over a thousand businesses, while storing and securing more than $5 billion in digital currency assets. If you see yourself working in a rewarding to see your work scale through automation, are interested in building something meaningful, and would love to work in an entrepreneurial environment, we look forward to hearing from you. Our client’s security team works to protect its platforms; its customers, clients, and partners; and the financial markets upon which consumers rely. The security team leads the company’s programs for information security and cybersecurity, business continuity, vendor risk management, and privacy. As a member of this team, you’ll be responsible for designing and testing key security controls both independently and collaboratively across company teams. You will continue to learn and stay current in a fun and rapidly changing environment. Responsibilities: Work collaboratively with internal stakeholders to design and test IT general controls Support the success of SOC 1, SOC 2, and financial audits Conduct risk assessments and perform controls design reviews for client’s business processes, new initiatives, and third party partners and vendors Design key controls to mitigate assessed risk based on client’s business requirements and risk tolerance Use industry standards such as the NIST CyberSecurity Framework and ISO 27002 to ensure comprehensive control coverage Document control narratives for use by both internal and external constituents Design and execute control tests to verify operating effectiveness and monitor control performance Own and build relationships with key external stakeholders such as customers, vendors, and auditors Support independent auditors with knowledge transfer of control narratives and evidence collection Produce data-based reports on the comprehensiveness and effectiveness of IT general controls Drive continuous improvement around control operating effectiveness Qualifications: Enthusiasm for scalable, reproducible security and risk management Self-motivated and creative problem-solver able to work independently with minimal guidance Ability to manage multiple competing priorities and use good judgement to prioritize on the fly Experience with SOC 1, SOC 2, and financial audits Experience designing controls that are easy to test and audit, designing automated control tests, and designing control tests for Agile and CI/CD environments An understanding of standards such as ISO 27001/27002, the NIST Cybersecurity Framework and the PCI DSS desirable Familiarity with cloud computing environments such as AWS and Google a plus Experience working in financial services or financial technology a plus Experience working with GRC platforms such as Archer, MetricStream, or ProcessUnity a plus Three or more years of experience building and testing IT general controls or as an IT auditor. Bachelor’s degree in computer science, business administration or related field. Equivalent experience also accepted Certifications such as CISA, CISM, CISSP or similar will receive favorable consideration but are not required BlueSkyClarity: BlueSkyClarity (a Delaware LLC) is a search firm focused on retaining smart, passionate and talented people within the marketing, creative, analytic, product, sales, software engineering and information technology domain disciplines for web-to-consumer, digital agency, consulting, start-up, or iconic brand clients in all industries. Diversity and EOE Statements: Our client is an equal opportunity employer and values diversity. Our client (and we as their representative) do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital, veteran, or disability status. BlueSkyClarity proudly believe that your gender, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability should have nothing to do with hiring practices. Posted by: #J-18808-Ljbffr
Agile Amazon Web Services (AWS) Computer Science automation Certified Information Security Manager (CISM) Information security Marketing Certified Information Systems Security Professional (CISSP) PCI DSS remote work Information technology (IT) Google Commerce Sales Cybersecurity Finance Consulting Creativity testing Software Development Engineer platform transactions Privacy management Bachelor’s Degree risk management startups Designer Business Administration Blockchain