Information Security & IT Risk Engineer


: $116,400.00 - $187,860.00 /year *

Employment Type

: Full-Time


: Information Technology

Loading some great jobs for you...

Our client, a global investment bank, located in mid-town NYC is looking for a Full Time Information Security & IT Risk Engineer, responsible for ensuring IT Security systems are configured, deployed, and maintained in accordance with polices and standards. The position requires participation in technical research and development to enable continuing innovation for Security and IT Risk Management. The candidate will be responsible for monitoring regular vulnerability scanning and penetration testing and will participate in incident response and investigations.


  • Focus on Cybersecurity solutions and ways to protect the firm from virus and malware vulnerabilities.
  • Develop and maintain IT Risk log analysis solutions, including data collection and aggregations, data normalization, and reporting.
  • Review and analysis of long-term comprehensive security data from a wide variety of sources.
  • Assist with project management and responsible for development/management of ongoing Information Security and Corporate Governance training programs. Develop and maintain a secure forum for all Information Security related activities.
  • Responsible for following established guidelines and identifying and resolving problems.
  • Contribute to workflow or process change and redesign, and to form a strong basic understanding of the specific product or process; may also be accountable for regular reporting or process administration as owner.
  • Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
  • Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
  • Ensure IT systems are compliant with applicable regulations, group policies, codes and industry guidance, e.g. performing gap analyses between standards such as SANS Top 20, NIST 800-53, ISO 27001, and the firm's Information Security Framework.
  • Where gaps are identified, assist in implementation of controls.
  • Collate and quality assure data provided to other departments - Risk Management and Internal Audit.
  • Review security event log data and investigate anomalies.
  • Perform monitoring activities and risk assessments. Respond to, and where appropriate, resolve or escalate reported security incidents.
  • Manage security related events and tracking of remediation process.
  • Implement/support information security solutions - security architectures, change/configuration management, and integration of security products.
  • Develop/maintain documentation for security systems and procedures and processes. Develop security awareness training for new employees.
  • Perform testing to evaluate new products for network and system security controls.
  • Maintain logging and monitoring standards, technical investigative techniques and reporting.
  • Maintain project scheduling and task follow on security initiatives.


  • 7+ years of strong expertise with the following technologies and solutions:
  • Cybersecurity solutions and protection
  • Identity and Access Management
  • Endpoint Security
  • Privileged Management
  • IT Risk Assessments
  • IT Risk and Security Training
  • Next Generation Firewalls and End Point Detection
  • Vulnerability Scanning
  • Threat Hunting
  • Web and Email Security
  • GRC
  • System vulnerability and Security monitoring tools
  • Application security risk assessment tools
  • Perform Gap Analysis within different environments coupled with an in depth understanding of regulatory guidelines as well as standards and best practices related to ISO and NIST.
  • Ability to multi-task and work on several projects concurrently and to translate business requirements into technical solutions
  • Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation
  • Ability to recognize/remediate issues within the internal infrastructure.
  • Ability to communicate Information Security concepts across a broad range of technical & non-technical staff.
  • Good influencing, relationship and stakeholder management skill
  • One of the following certifications is a plus - SSCP, CISM, CISA, or CISSP.
  • Weekend and night work may be needed at times based on project, support, and business needs.

Associated topics: attack, cybersecurity, forensic, identity, identity access management, idm, leak, security officer, violation, vulnerability * The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.

Launch your career - Upload your resume now!

Upload your resume

Loading some great jobs for you...