דרושים Third Party Info Security Consultant ב-Bank Of America ב-Ireland, Dublin

Job Description:

Job Title: Info Security Threat Management Specialist

Corporate Title: VP

Role Description:

Global Information Security is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Responsibilities:

• Assisting Authentication lead and partners with other technology SMEs to ensure that strategic and effectively authentication solutions are adopted across BAC and ensure compliance with IAM Standard.

• Support IAM Governance leads to ensure that all authentication related IAM requirements are appropriately measured, reported and governed.

• Appropriately assess identity and authentication related risks when business and technology decisions are made, demonstrating risk management mindset and practices to safeguard BAC’s reputation, its clients, and assets by driving compliance with applicable laws, rules, and regulations, adhering to BAC Policy and Standards.

• Monitors industry information security and Identify and Authentication trends and engages peer organizations to refine and enhance BAC’s strategy.

• Apply industry Identity and Authentication best practices, templates, and documentation while also proposing improvements based on practical knowledge.

• Partner with other Global Information Security (GIS) functions, Core Technology Infrastructure (CTI), Cyber Security Technology (CST), Third Party management, Global Compliance and Operations Risk (CGOR), internal audit, and regulatory agencies.

• Influence relevant tools owners to build/implement enhanced Identity and Authentication solutions that are efficient, effective, and modern and able to deliver material risk reduction in sustainable manner.

• Collaborate with stakeholders to develop Identity and Authentication requirements that iteratively support long term modernization and transformation (covers Process, Data and Technology aspects).

• Support engagement with Product Managers and Senior Architects to comprehend the strategic Identity and Authentication technology roadmap.

• Consult with the business to identify gaps and governance issues, leveraging own domain expertise to find effective solutions.

• Clearly articulate reasons and methods behind proposed changes through informative materials for educating others.

• Knowledge of identity and authentication methodologies, techniques and technologies,familiarity with laws, rules, and regulations within the financial services sector.

• Understanding and interpreting BAC’s established information security Policy, Standards, Procedure and Guides, and applying this knowledge to related identity and authentication decisions and responses. Serve as the Subject Matter Experts in advising BAC business and technology counterparts on effective ways to achieve or exceed compliance with applicable Policy, Standards, Procedures and Guides.

• Familiarity with security standards such as NIST, ISO/EC, FFIEC.

• Knowledge of PAM related tools which support MFA, vaulting, integration with service management tool would be an advantage.

• Experience in identify and authentication fields in a large and complex organization with deep security knowledge which covers core technology infrastructure (network, storage, servers, databases, etc.) identity management and application security practice.

• Experience with Linux, Windows, Cloud scale Identity, Access Management (Single Sign-On, Multi Factor Authentication), Authorization services or design and architecture of authentication services or Identity Store.

• Knowledge of authentication platforms and protocols such as Active Directory, LDAP, OIDC, Kerberos.

• Understanding of Federation platforms or protocols such as Oauth, OpenID, SAML, WS-Fed, etc.

• Experience with IAM platforms such as Ping Identity, Active Directory OpenLDAP, OpenDJ

• Proficient in data management which includes strong data analytical capability with advanced understanding of the collection and management of metadata

• Experience with report automation and aggregation tools (Tableau, Splunk) highly desirable

Skills that will help:

• Possession of CISSP certification would be an advantage.

• Knowledge of Compliance Certifications such as SOX, SOC, SOC2.

• Experience and involvement in large projects

• Bachelor’s Degree or equivalent work experience

Private healthcare for you and your family plus an annual health screen to help you manage your physical wellness with the option to purchase a screen for your partner

• Competitive pension plan, life assurance and group income protection cover if you become unable to work as a result of a disability or health reasons

• 20 days of back-up childcare and 20 days of back-up adult care per annum

• The ability to change your core benefits as well as the option of selecting a variety of flexible benefits to suit your personal circumstances including access to a wellbeing account, travel insurance, critical illness etc.

• Access to an Employee Assistance Program for confidential support and help for everyday matters

• Access to free counselling through the Employee Assistance Program and virtual GP services through our private health care plan

• Ability to donate to charities of your choice and the bank will match your contribution

• Opportunity to access our Arts & Culture corporate membership program and receive discounted entry to some of Ireland’s most iconic cultural institutions and exhibitions.

• Opportunity to give back to your community, develop new skills and work with new groups of people by volunteering in your local community.

We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements.

Role Description:

This job is responsible for performing information security reviews of third parties that provide services to the bank. Key responsibilities include working with third parties to review their information security technical controls, collect and review documentation during an assessment to determine if they meet Bank of America information security controls. This could include working from their offices (on site) in EMEA or virtually from the bank’s office using collaboration tools. Following assessment, documenting gaps and areas of non-compliance in workpapers and generating summary assessment reports. Key responsibilities span pre-assessment, assessment and reporting

Responsibilities:

• Partners with third parties to ensure they are prepared for information security assessments including answering detailed questions from them and describing the bank’s assessment process

• Evaluates a third party’s information security risk and technical control with a holistic lens to determine if they meet Bank of America requirements

• Discusses information security gaps in the third party’s program with their Subject Matter Experts

• Escalates issues and risks identified during the assessment

• Manages the Global Information Security relationship with third parties and the bank’s Enterprise Vendor Managers (EVMs)

• The role will require travel within the EMEA region (up to 20% of the time)

• The ability to interact with internal or external stakeholders including business partners and/or external parties to identify, analyse, and resolve complex problems or security gaps

• The ability to objectively assess risk information from various sources and synthesize it towards making a reasoned and supportable judgment

What we are looking for:

• Technical skills relating to the domains of information security including:

• Information Security Controls (Infrastructure Security, Logical Access Management, Application Security, Threat and Vulnerability, Network Security Management.)

• IT Compliance, SOX Compliance

• Change Management and Business Continuity

• Enterprise Risk Management

• Experience in Information Security and/or IT Audit

• Solid grasp of NIST, ISO, SDLC, COBIT standards

• Technical writing and verbal communication skill

• Ability to coordinate multiple assessment activities in parallel

Skills that will help:

• Information Security certifications, including ISO27002 / CISSP / CEH / CISM / CISA

• Knowledge of NIST guidelines

• European business and technical language skills

Ireland

• Private healthcare for you and your family plus an annual health screen to help you manage your physical wellness with the option to purchase a screen for your partner

• Competitive pension plan, life assurance and group income protection cover if you become unable to work as a result of a disability or health reasons

• 20 days of back-up childcare and 20 days of back-up adult care per annum

• The ability to change your core benefits as well as the option of selecting a variety of flexible benefits to suit your personal circumstances including access to a wellbeing account, travel insurance, critical illness etc.

• Access to an Employee Assistance Program for confidential support and help for everyday matters

• Access to free counselling through the Employee Assistance Program and virtual GP services through our private health care plan

• Ability to donate to charities of your choice and the bank will match your contribution

• Opportunity to access our Arts & Culture corporate membership program and receive discounted entry to some of Ireland’s most iconic cultural institutions and exhibitions.

• Opportunity to give back to your community, develop new skills and work with new groups of people by volunteering in your local community.

UK

• Private healthcare for you and your family plus an annual health screen to help you manage your physical wellness with the option to purchase a screen for your partner

• Competitive pension plan, life assurance and group income protection cover if you become unable to work as a result of a disability or health reasons

• 20 days of back-up childcare including access to school holiday clubs and 20 days of back-up adult care per annum

• The ability to change your core benefits as well as the option of selecting a variety of flexible benefits to suit your personal circumstances including access to a wellbeing account, travel insurance, critical illness etc.

• Access to an emotional wellbeing helpline, mental health first aiders and virtual GP services.

• Access to an Employee Assistance Program for confidential support and help for everyday matters

• Ability to donate to charities of your choice directly through payroll and the bank will match your contribution

• Opportunity to access our Arts & Culture corporate membership program and receive discounted entry to some of the UK’s most iconic cultural institutions and exhibitions.

• Opportunity to give back to your community, develop new skills and work with new groups of people by volunteering in your local community.

We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements.

U.S. Bank is seeking anInformation Security Analysttoutilize security tools to monitor the U.S. Bancorp network to identify, analyze and respond to cyber security alerts to determine whether a security incident has occurred.

RESPONSIBILITIES

• Remediate serious attacks escalated from Tier 1

• Perform in-depth triage of security incidents

• Assist with the development of incident response plans, workflows, and SOPs

• Assist with the development of automation playbooks

• Work with cyber intelligence analysts to convert intelligence into useful detection

• Collaborate with detection team to build and/or tune detection rules and signatures as needed

• Identify root cause and implement proactive/mitigation steps

• Develop and implement detection use cases

• Assist Cyber Security Incident Response (CSIRT) Team with response efforts if/when needed

• Track and report on security metrics

• Utilize IDS, SIEM, SOAR, Endpoint Detection & Response, etc. to monitor the network of USB

• Identify, analyze, and respond to security incidents

• Research security events and incidents to provide details and recommendations

• Follow standard operating procedures (SOPs) to perform internal and external escalations

• Review incidents to assess their urgency and escalate if necessary

EXPERIENCE SHOULD INCLUDE

• Common ports and services

• IPv4 and IPv6 basic packet structure

• HTTP methods (GET/POST)

• DNS resolution

• SSL/TLS

• Common malware strategies (recon, exploit, callback)

• Types of Security Threats

• MITRE ATT&CK Framework

• 2 Years I.T. experience (System Administration, Network Administration, Pen Tester, Security Administrator, etc.)

• Fundamental networking, TCP/IP understanding

• Strong analytical skills

• 1st/2nd shift flexibility

• Strong written and verbal English communication skills

• Advanced Threat Actors

• Lateral Movement

• Root causes & Attack vectors

• SIEM Platforms

• SOAR Technologies

• Scripting Languages (Python, PowerShell, etc.)

PREFERRED QUALIFICATIONS

• Bachelor’s Degree

• At least one Industry accepted security certification.

• 5+ years of total IT related experience

• 2+ years’ experience working in a Security Operations Center