The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a 501(c)(6), not-for-profit entity, the only global cyber intelligence sharing community solely focused on financial services. Serving financial institutions and in turn their customers, the organization leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats. FS-ISAC is headquartered in the US, with offices in Singapore, The Hague and London.
The Security GRC (Governance Risk & Compliance) Engineer position is a technical, hands-on engineer, who will need a broad background and be willing to learn new environments and apply security best practices at the appropriate level for FS-ISAC’s risk appetite. The individual will be responsible for working with our Managed Security Service Provider (MSSP) and managing security tools. The individual may be required to do security assessments of solutions or provide security architecture reviews to new or significantly changed systems. The individual will need to ensure FS-ISAC executes their documented security controls and remains compliant to our policies and meet customer/member expectations. The individual should have broad and deep security experiences. Expertise with AWS Security a plus. Expertise with Microsoft security a plus.
- Be primary or backup on all the security technology FS-ISAC uses.
- Interface with MSSP to provide solid security for FS-ISAC.
- Review changes to ensure there are no security concerns.
- Support annual security assessment and security strategy work.
- Support business activities and projects that need security support.
SKILLS AND QUALIFICATIONS
- Hands on experience managing security technology for a minimum of three years.
- AWS Security (a plus).
- Microsoft Security (a plus).
- Security assessments of products, vendors, and new/modified technology.
- Basic security architecture skills.
- Must be able to manage time and budget time to tasks appropriately, across several simultaneous events
- Clearly and effectively communicates with individuals from a variety of backgrounds and experience. Speaks clearly in positive or negative situations; listens and gets clarification
- Ability to maintain competent and calm composure in high-stress and/or problem situations.
- Strong interpersonal skills, enjoys working with people and contributing to company goals.
- Self-starter with attention to accuracy and quality in time-driven environment.
- Demonstrate critical thinking skills to solve problems and/or pivot plans as needed.
- Enjoys being part of a team, asks for support and provides support to team.
EDUCATION AND EXPERIENCE
- Bachelor’s Degree in Computer Science or related field (preferred).
- 3-10 years of professional experience in Information Security
- 1-2 years of experience working on AWS and Microsoft security technology.
- Experience working with an MSSP and managing work and relationships.
- Experience with security incident management.
This position is seated in the Reston Headquarters Office with a hybrid office schedule, or remote. The position requires a professional work environment and candidate must be able to meet the physical demands associated with the professional environment. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
FS-ISAC has reviewed this position description to ensure that essential functions and basic duties have been included. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate.
All employees must be authorized to work in the US. FS-ISAC provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, FS-ISAC complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute