Info Security Analyst

Position: Info Security Analyst

Location: New York NY (Hybrid)

Duraition: 12 months Contract to Hire

Client: Apex / Bank of NY Mellon New York City

Pay Rate: $65 W2(AI)

Describe Project Background and Details

• Oversee risk issue control structure what are we going to do to fix it
• Inherent risk of what the team is doing
• Need to understand GRC cyber controls

• IAM vulnerability info sec operations

What are the Day to Day Responsibilities

• Oversee risk issue control structure what are we going to do to fix it
• Inherent risk of what the team is doing
• Will work on Discoverable records supporting Cyber identify the problem open it as open risk item and evaluate

Must Haves Skills & Technologies (Break down each skill or tech stack/ flexibility levels):

• Need to understand and oversee GRC cyber controls IAM vulnerability info sec operations
• Creating plan and major milestones and be able to document
• Create presentations and present to SR Leadership/internal stakeholders
• Familiarity with ServiceNow in a control environment is a high preference

• Exports from service now and manipulate data
• Entering familiar and using the tool

• Microsoft Suite can use V look ups

Jr. Mid or Sr. level and how many years of experience on each skill

SR MID 5 8 years

Drill down on how they will use the skill: Governance risk and compliance.

The Bank has established baseline standard for controls including resolution of security vulnerabilities which serve to minimize residual cyber risk. Utilizing a risk prioritized approach based upon industry standards (NIST Domains; Identify Detect Protect Respond and Recover) the IS Cyber Problem Mgt team provides a cohesive global process for identification notification awareness problem resolution and mitigation of cybersecurity control breaks and vulnerabilities. Leveraging a framework built upon the principles of ITIL ISD Cyber Problem Mgt helps BNYM in maintaining normal service availability and prevention of system/data and/or compromise while proactively reducing the residual risk and technical debt of control breaks.

Responsibilities:

• Reviews and analyzes complex data and information to provide insights conclusions and actionable recommendations provides direction and guidance on reports and analyses and ensures recommendations are aligned with customer/business needs and capabilities.
• Contributes to the achievement of area objectives.
• Consults with other IT areas and the businesses and provides professional support for major components of the companys information security infrastructure.
• Recommends course of action to mitigate risk and ensures that appropriate standards are established and met.
• Identify operational roadblocks to ensure timely remediation and countermeasures.
• Assist others in interpreting understanding and applying information security policies and standards.
• Works closely with other members of the Information Security and various other organizations in a collaborative and goaloriented manner.

Qualifications:

• Bachelors degree in computer science or a related discipline or equivalent work experience required advanced degree preferred
• 810 years of experience in information security or related technology experience required experience in the securities or financial services industry is a plus.
• Knowledge and conceptual understanding of security controls (Identity and Access Management IT General controls etc.) as well as System Development Life Cycle (SDLC)
• ServiceNow working with exports from SN entering data working with the SN tool
• Relentless in the pursuit of continuous cyber hygiene control completeness and effectiveness.
• Strong analytical and troubleshooting skills
• Selfmotivated individual and a team player
• Excellent analytical and troubleshooting skills
• Clear concise and effective written and verbal communication skills
• Exhibit good time management skills independent thinking and decisionmaking capabilities