Federal Reserve Bank of New York
Application Security Risk Analyst
Traditional Asset Manager
Works hands-on with development teams to develop, roll out and provide oversight for a comprehensive Secure Software Development Life Cycle (SSDLC) program, including secure coding guidelines, static code analysis, and dynamic testing. Contributes both on an individual application basis and as a member of the Information Security Assurance team to raise the application security posture across the organization by developing an application security framework, including SSDLC development and standards and guidelines for application developers; helping the development teams identify application security vulnerabilities through a combination of security assessment techniques; and disseminating specialist application security knowledge to the development communities.
Principal Duties and Responsibilities:
Works with various IT leaders and application development areas to develop and implement the SSDLC Program according to the organization's unique information security risk management, governance, risk, and compliance processes.
Works directly with the business and application development team representatives to embed application security processes, tools and techniques within the various SSDLC processes used.
Provides oversight / governance of the SSDLC Program and communicates progress and issues to the ISO, Information Security Manager, and IT Leadership and Application Development teams.
Serves as a consultant to disseminate specialist application security knowledge to the development communities.
Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built into all phases of the SSDLC.
Leads demonstrations of application security tools to business and application development teams.
Develops/implements continuous integration (CI) framework processes.
Responsible for maintenance & support of technology integrations with the application security tools.
Responsible for the development and maintenance of Static Code Analysis Tools scanning policies, user provisioning and security strategy documents, and any other related documentation.
Engages Client and/or other third-party suppliers of application security software on system defects and support issues.
Researches and investigates new and emerging vulnerabilities, including 0 Day events, and participates in external security communities.
Keeps apprised of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks; identifies vulnerabilities or weaknesses in systems.
Develops an externally-focused view of the evolving threats facing the organization.
Reports to management on IT system vulnerability and protection against malware and hackers.
Promotes awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
Assists in all internal and external audits.
Assists in development and implementation of policies, procedures, standards.
Examines systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
Evaluates security policy, processes and procedures for completeness.
Monitors and advises on information security issues related to the systems to ensure the security controls are appropriate and operating as intended; ensures that controls are adequate to protect sensitive information systems.
Develops and maintains security operating procedures and associated documentation.
Identifies inefficiencies and makes suggestions for process improvements.
Tracks open audit issues to closure and reports on status completion and progress.
Reviews access controls processes to identify vulnerabilities and the appropriate solutions to eliminate or minimize their potential effects.
Fulfills job duties and responsibilities in conformance with sound safety practices.
Performs other related duties as assigned.
Bachelor's Degree from a four-year college or university in Computer Science, Management Information Systems, Information Security, or equivalent work experience.
5 years working in Information Technology and/or Information Security.
5 years working in Application Security
CISSP, CEH, GWAPT, GSEC
Knowledge & Skills:
Ability to work efficiently, making sound decisions while meeting time sensitive deadlines.
Superior organizational and time management skills.
Self-motivated and able to prioritize tasks based on business requirements.
Excellent interpersonal communication and listening skills are essential.
Strong analytical and problem solving skills.
Creative thinking and troubleshooting.
Excellent communication (oral and written), interpersonal, organizational, and presentation and listening skills.
Strong deductive reasoning, critical thinking, problem solving, and prioritization skills.
Ability to work in a fast-paced, support team environment.
Ability to follow detailed process and procedure documentation.
Ability to present complex solutions and methods to the general community.
Strong team player who collaborates well with others to solve problems.
Solid understanding of networking concepts.
Solid understanding of operating system security concepts.
Understanding of malware, emerging threats, attacks, and vulnerability management.
Applicants must be able to provide work authorization to prove their eligibility to work in the United States.
Americas, United States
Federal Reserve Bank of New York
Website : http://www.newyorkfed.org