Information Technology

IT Security Controls Specialist - Risk Oversight, New York, NY
Job Description

Job Category: Information Technology

A Financial Services and Technology client of ours is looking to grow their Information Security team by adding an IT Security Controls Specialist for Security Risk Oversight to their US team in the Greater New York City area. This individual will join a high-profile Information Security / Risk team and have the opportunity to actively manage security risk within a Systemically Important Financial Market Utility (SIFMU), strengthening the security posture across the enterprise. The security team as a whole is committed to building out and formalizing its Three Lines of Defense framework, and this position is a critical component of that effort, working with the Second Line (IT Risk, IT Compliance). The key to this role is finding the balance between risk, order, control, innovation and high-quality delivery that ensures effective protection against, and mitigation of, security risks. We are looking for an astute information security professional with excellent communication skills and the ability to assess the security landscape, identify the challenges to be addressed and propose methods to resolve them.

  • Support Security team leadership in the interlock of the security control services with other key Security functions and the wider organization, while tracking delivery of security against Key Risk Indicators (KRIs) and proactively identifying opportunities to address emerging risks.
  • Form business relationships with key stakeholders and vendors to remove barriers and enable collaboration and effective delivery; develop open relationships with teams and continually improve delivery against Security Controls.
  • Participate in many aspects of audit activities, including risk assessments, planning, testing, control evaluation, documentation, report drafting and follow-up/verification of issue closure.
  • Serve as the Security point of contact for regulatory compliance inquiries, documentation and testing.
  • Organize responses to inquiries from internal and external stakeholders.
  • Organize and collect evidence of regulatory compliance in coordination with Compliance.
  • Support the preliminary assessment of control requirements in connection with new or updated regulatory requirements.
  • Monitor for ongoing regulatory requirement changes in coordination with Compliance.
  • Focus on creating and demonstrating a strong partnership with Technology teams and vendors, ensuring that execution against corporate objectives is achieved through effective collaboration and that the Security Strategy is executed in line with the Technology strategy.
  • Establish and maintain operating procedures for the production of key reports for information security management and senior management requests.
  • Assist information security team members with:
    • Report design and templates
    • Identification of systems of record for reporting
    • Administration of the processes that collect critical reports for reporting to information security management and senior management
  • Develop and manage reporting of KRIs and KPIs for use by information security management and senior management, in coordination with the Second Line (IT Risk, Compliance).
  • Support the Second Line in the development of enterprise-level reports.
  • Prepare reports based on test results for presentation to the Second Line, senior management and the board.
  • Prepare security assessment reports for internal stakeholders to support regulatory compliance.
  • Produce trend reports to identify potential emerging threats.

Job Requirements


  • Bachelor’s Degree in Computer Science, Business Administration or a related discipline
  • Proven experience working within the Security Governance, Risk and Control (GRC) field, with recent experience in the Banking, Financial Services and/or Capital Markets industry
  • Advanced knowledge of business processes for supported business groups
  • Knowledge of security methodologies, policies, standards and best practices
  • Knowledge of best practices in information technology governance and of the regulatory landscape for financial institutions
  • Knowledge of risk management, including developing and maintaining key risk indicators
  • Proficiency with administrative tasks including training, reporting and compliance
  • Significant experience in a large and complex business environment
  • In-depth knowledge of security frameworks (ISO 27000 series, NIST SP 800 series, FFIEC, etc.)
  • Advanced knowledge of information technology systems, infrastructure and operations
  • Ability to meet expected delivery dates and complete the tasks necessary to achieve objectives
  • Strong in the use of Microsoft Office software and MS Visio
  • Strong ability to analyze data using Excel for reporting and data mining purposes
  • Advanced experience with data visualization concepts and tools (experience with RSA Archer and reporting tools like Tableau preferred)
  • Ability to effectively lead, organize and supervise
  • Ability to work directly with senior-level management and interact with staff at all levels
  • Excellent writing and speaking skills; strong people skills
  • Must be a self-starter, able to manage the investigations function with minimal supervision

