Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.
Job responsibilities
- Lead effective end-to-end planning, design, conduct, and evaluation of both internal and external resiliency simulations in accordance with the firm’s business and technology standards as well as global regulatory frameworks
- Conduct post-exercise after-action analysis, reporting, and assessment, synthesize corrective actions, implement tracking/monitoring of progress, and design future simulations to validate improvements
- Lead engagement with key stakeholders across the firm to develop tailored, all-hazards simulation scenarios that achieve business, resiliency, technology, and/or cyber incident response objectives
- Provide leadership across all aspects of exercise project management, spanning the entire engagement lifecycle (i.e., plan, design, conduct, and assess) to include scheduling meetings, reserving venues, facilitating discussions, and providing senior leader project updates
- Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
- Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
- Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that utilize continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
- Support overall team strategy and capability uplift initiatives to drive rapid maturity
Required qualifications, capabilities, and skills
- 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
- Demonstrated ability to manage multiple, parallel, complex engagements collaboratively with a diverse set of stakeholders, subject matter experts, and senior leaders to build requirements and execute across a core set of project milestones
- Familiarity with how key international financial systems operate, to include an understanding of the current threat landscape, operational resiliency considerations, and possible systemic risk scenarios
- Experience formulating and/or interpreting threat and risk analyses of cyber adversary techniques, technology disruptions, terrorist attacks, severe weather, and other major hazards
- Experience developing and presenting briefings to senior leaders in addition to large group meeting facilitation and logistics planning
- Excellent written skills and ability to communicate effectively. Proficiency in the use of Microsoft Office and related technologies
- Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
- Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
- Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels
Preferred qualifications, capabilities, and skills
- Experience in planning, developing, and coordinating incident response playbooks, runbooks, or other key operational processes across a large organization
- Background in metrics development, risk analysis & visualization, and/or automation
- Background in /knowledge of financial institutions and the banking sector
- Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Offensive Security Certified Professional (OSCP), Associate Business Continuity Planner (ABCP) or Certified Business Continuity Planner (CBCP)– showcasing advanced expertise in cybersecurity and offensive testing methodologies or resiliency
- Knowledge/experience in modern programming languages