Cyber Security specialist

This is a contract position for a Cyber Security Specialist that will be part of the CISO function and will support Clients US Consumer Banking Business with the acquisition of Best Egg. The role will support Best Egg Integration and will be responsible to work on the legal day 1 and beyond Cyber deliverables for the Project that includes, completion of the gap analysis against Client's standards, alignment with Client's tech and cyber policies and standards and determine and co-ordinate post legal day 1 integration and control enhancements/deliverables. This will include requirements related to penetration testing, third party security, data security, vulnerability management, secure configuration, and other cyber domains. Additionally, the role will support the Business Information Security Office with governance activities for Best Egg Cyber function in the first year.

Key Accountabilities:

• Support gap assessment against Clients Cyber policies and standards and help define remediation plans to address the gaps

• Ensure gaps and risks are recorded as per Client's governance framework and are tracked to closure.

• Co-ordination of penetration testing of Best Egg networks and applications, and security reviews related to third party security, data security, vulnerability management, secure configuration, and other cyber domains.

• Support Cyber Security activities and other related activities to ensure the organization's assets and IT systems are appropriately protected against unauthorized activities including deliberate or accidental loss.

• Execution of security risk assessments during the change & development lifecycle to identify vulnerabilities within Best Egg systems, applications and infrastructure, ensuring compensating security controls and countermeasures are embedded to enhance security posture and resilience against cyber threats.

• Support and provide guidance to Chief Information Security Office (CISO), Business information Security Office (BISO), Chief Information Office (CIO) and Product Team functions providing security reviews and recommendations for risk mitigation.

• Contribute to the design of security solutions

• Work with the business and project team(s) to ensure residual risks are adequately mitigated to the degree that meets the risk appetite of the business.

• Handling complex information. 'Complex' information could include sensitive information.

• Influence or convince stakeholders to achieve outcomes.
  

Person/Skillset Specification:

• Has 5 to 7 years of experience in cyber and information security domain preferably in CISO or Security consultancy roles

• Broad domain expertise across network security, cloud, IAM, data protection, application security, third-party security and artificial intelligence.

• Understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Penetration Testing, Security Monitoring, Access Controls (identification, authentication and authorization) and Encryption.

• Expertise in Technology and cyber standards and control framework and experience performing gap assessments against these framework as well as recommending risk mitigation measures.

• Working knowledge of NIST CSF, ISO/IEC 27001/27002, PCI DSS/PED and CIS Controls, and their application into diverse environments.

• Understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web-based applications and databases.

• Competent to discuss the underlying technology with product developers.

• Contribute to formulation of controls and best practices for security management.

• Can describe all key Cyber Security functions, major roles, responsibilities and their inter-dependencies.

• Has contributed to the creation of technology-related security best practices and processes.

• Understands security operations from a people, process and technology perspective.

• Understands routine Cyber Security monitoring and administration tools.

Risk and Control Objective:

• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and internal Clients Policies and Policy Standards
  

The pay range that the employer in good faith reasonably expects to pay for this position is $41.61/hour - $65.01/hour. Our benefits include medical, dental, vision and retirement benefits. Applications will be accepted on an ongoing basis.

Tundra Technical Solutions is among North America’s leading providers of Staffing and Consulting Services. Our success and our clients’ success are built on a foundation of service excellence. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. Unincorporated LA County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: client provided property, including hardware (both of which may include data) entrusted to you from theft, loss or damage; return all portable client computer hardware in your possession (including the data contained therein) upon completion of the assignment, and; maintain the confidentiality of client proprietary, confidential, or non-public information. In addition, job duties require access to secure and protected client information technology systems and related data security obligations.

Salary : $42 - $65