Senior Information Security Specialist (offline)
About the client:
The Questrade Technology Group (QTG) is home to a unique environment, where our culture thrives and, most importantly, we get stuff done! Questrade is continuing with its digital transformation initiative, and our infrastructure footprint is growing beyond our data centers and into the Google Cloud Platform, on an exciting strategy that is driven by business value. Join us to help leverage the data we have, as we solve exciting challenges such as building out new models, algorithms and solving complex business problems to grow and deliver customer-centric solutions in a multi-product/multi-channel financial services environment.
Responsibilities:
• Lead and improve Threat and Vulnerability Management (TVM) Program including scanning solution design improvements, implement processes for vulnerabilities prioritization, distribution and remediation tracking, ensure asset inventory validation and full coverage by the scanning solution
• Analyze issues and assess the risks associated for identified vulnerabilities, and facilitate remediation activities across the enterprise
• Collect and analyze metrics and provide reports to management
• Coordinate Penetration Testing activities with third party vendors
• Manage endpoint protection solutions including malware protection and DLP
• Review Incident Response (IR) plan and procedures, IR playbooks, prepare for table top exercises
• Perform TPRAs (Third party risk assessments) for existing and new products and vendors
• Support compliance activities primarily achieving SOC 2 compliance
• Analyze key data issues, patterns, and trends to identify implications
• Execute procedures, perform detailed data analysis, reach conclusions, document results, and suggest ideas for efficiencies, identify opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
• Perform assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program
• Take full responsibility for tasks including constantly reviewing your own work to identify and improve your own approach for producing quality work products. Complete work in a timely manner and take responsibility for all work outputs
• Develop rapport with others by demonstrating an understanding of their concerns, needs and issues and focus on developing an internal network of relationships that can provide advice and support
• Provide feedback to the broader IT team about new or emerging technologies, threats and relevant solutions. Seek, develop, and present ideas to the team
• Utilize technology and tools to continually learn and innovate, share knowledge with team members and enhance security posture
Requirements:
• Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required
• 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and auditors
• 4+ years experience in administering IT security controls in an organization. Prior experience working within a financial service organization preferred
• Certified Information Systems Security Professional (CISSP), or related certification
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
• Must possess capabilities in one or more of the following vulnerability scanning solutions (Nessus, Rapid 7, Qualys)
• Previous experience in implementing Vulnerability Management program, Threat collection, Analysis & Management and Situational Awareness
• Experience with endpoint protection solutions, firewalls, IPS/IDS, content filtering
• Experience in defining metrics and KPIs, implementing cybersecurity/risk dashboards
• Strong written and verbal communication, presentation and technical writing skills, coupled with a strong interest in further developing Cyber Security skills
• Ability and comfort level researching current and emerging issues, including regulations, industry practices, and new technologies
• Excellent teamwork skills
• Multi-task with minimum supervision, uphold commitments made
• Self-learner capable of independent study of new concepts and tools
We offer:
• Flexible working hours
• A competitive salary and good compensation package
• Best hardware
• A masseur and a corporate doctor
• Healthcare & sport benefits
• An inspiring, comfy, clean and safe office
Professional growth:
• Challenging tasks and innovative projects
• Meetups and events for professional development
• An individual development plan
• Mentorship program
Fun:
• Corporate events and outstanding parties
• Exciting team buildings
• Memorable anniversary presents
• A fun zone where you can play video games, foosball, ping pong, and more
The Questrade Technology Group (QTG) is home to a unique environment, where our culture thrives and, most importantly, we get stuff done! Questrade is continuing with its digital transformation initiative, and our infrastructure footprint is growing beyond our data centers and into the Google Cloud Platform, on an exciting strategy that is driven by business value. Join us to help leverage the data we have, as we solve exciting challenges such as building out new models, algorithms and solving complex business problems to grow and deliver customer-centric solutions in a multi-product/multi-channel financial services environment.
Responsibilities:
• Lead and improve Threat and Vulnerability Management (TVM) Program including scanning solution design improvements, implement processes for vulnerabilities prioritization, distribution and remediation tracking, ensure asset inventory validation and full coverage by the scanning solution
• Analyze issues and assess the risks associated for identified vulnerabilities, and facilitate remediation activities across the enterprise
• Collect and analyze metrics and provide reports to management
• Coordinate Penetration Testing activities with third party vendors
• Manage endpoint protection solutions including malware protection and DLP
• Review Incident Response (IR) plan and procedures, IR playbooks, prepare for table top exercises
• Perform TPRAs (Third party risk assessments) for existing and new products and vendors
• Support compliance activities primarily achieving SOC 2 compliance
• Analyze key data issues, patterns, and trends to identify implications
• Execute procedures, perform detailed data analysis, reach conclusions, document results, and suggest ideas for efficiencies, identify opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios
• Perform assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program
• Take full responsibility for tasks including constantly reviewing your own work to identify and improve your own approach for producing quality work products. Complete work in a timely manner and take responsibility for all work outputs
• Develop rapport with others by demonstrating an understanding of their concerns, needs and issues and focus on developing an internal network of relationships that can provide advice and support
• Provide feedback to the broader IT team about new or emerging technologies, threats and relevant solutions. Seek, develop, and present ideas to the team
• Utilize technology and tools to continually learn and innovate, share knowledge with team members and enhance security posture
Requirements:
• Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required
• 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and auditors
• 4+ years experience in administering IT security controls in an organization. Prior experience working within a financial service organization preferred
• Certified Information Systems Security Professional (CISSP), or related certification
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
• Must possess capabilities in one or more of the following vulnerability scanning solutions (Nessus, Rapid 7, Qualys)
• Previous experience in implementing Vulnerability Management program, Threat collection, Analysis & Management and Situational Awareness
• Experience with endpoint protection solutions, firewalls, IPS/IDS, content filtering
• Experience in defining metrics and KPIs, implementing cybersecurity/risk dashboards
• Strong written and verbal communication, presentation and technical writing skills, coupled with a strong interest in further developing Cyber Security skills
• Ability and comfort level researching current and emerging issues, including regulations, industry practices, and new technologies
• Excellent teamwork skills
• Multi-task with minimum supervision, uphold commitments made
• Self-learner capable of independent study of new concepts and tools
We offer:
• Flexible working hours
• A competitive salary and good compensation package
• Best hardware
• A masseur and a corporate doctor
• Healthcare & sport benefits
• An inspiring, comfy, clean and safe office
Professional growth:
• Challenging tasks and innovative projects
• Meetups and events for professional development
• An individual development plan
• Mentorship program
Fun:
• Corporate events and outstanding parties
• Exciting team buildings
• Memorable anniversary presents
• A fun zone where you can play video games, foosball, ping pong, and more
The job ad is no longer active
Job unpublished on
1 August 2021
Look at the current jobs Security Kyiv→
Average salary range of similar jobs in
analytics →
Similar jobs
Security Engineer SOC at Raiffeisen Bank
Ukraine
Information Security Specialist at ТОВ "ІТ Капітал"
Ukraine
Windows Security Engineer at TemaBit Fozzy Group
Ukraine
All jobs Security Kyiv All jobs N-iX