Sr. Associate, Information Security

40%     Security Tool Administration & Technology Configuration Management

• Configure, tune, and manage HSAM’s cybersecurity toolset, including but not limited to endpoint detection and response (EDR), SIEM, vulnerability management, and data loss prevention (DLP) tools.
• Maintain and apply security policies and rules within cybersecurity platforms in alignment with HSAM standards and regulatory requirements.
• Conduct periodic security configuration reviews of technology systems and platforms against internal policies, industry best practices, and vendor hardening guidelines.
• Identify configuration gaps across technology systems, document findings, and coordinate with platform owners to remediate.
• Support a criticality-based review cadence for technology platform security configurations.
• Work cross-functionally to support security configuration needs and related enhancements.
• Support identity and access management (IAM) operations, including user access reviews, conditional access policy maintenance, and identity governance.
• Assist with the improvement of HSAM’s existing cybersecurity toolset and execute toolset enhancements, as appropriate

30%     Vulnerability Management & SOC / Monitoring Support

• Support vulnerability scanning operations, including scan execution, result triage, and remediation tracking.
• Assist with the management of patching cadence and remediation timelines, ensuring open findings are tracked to closure.
• Monitor SOC alerting and assist with tuning detection rules to reduce noise and improve signal quality.
• Assist with incident triage, investigation, and documentation under direction of the CISO.
• Help maintain and update incident response runbooks and playbooks.
• Assist with monitoring threats and taking preventative measures to protect HSAM’s environment.

20%     Security Program Technical Support

• Assist in maintaining a program aligned to applicable security standards, regulations, and industry best practices.
• Support the mitigation of information security risks within HSAM in a manner that meets compliance and regulatory requirements.
• Provide input to and assist with updates of policies, procedures, and other program-related documentation.
• Provide technical input into firmwide risk meetings and participate in security strategy meetings, as appropriate.
• Generate technical evidence and artifacts to support compliance audits and third-party assessments.
• Assist with technical writing, internal communications, and documentation related to security controls and configurations.

10%     Cross-Team Support & Professional Development

• Provide technical support for third-party assessments as needed.
• Attend meetings and serve on committees, as requested.
• Maintain and increase knowledge and skills through attendance at meetings, conferences, training seminars, and in-service training sessions.

• 3-5 years of experience in information security with hands-on experience administering security tools and infrastructure in a regulated environment.
• Bachelor’s Degree in a technical discipline such as Information Security, Computer Science, Information Systems, or related field.
• Experience administering and troubleshooting enterprise security platforms (e.g., EDR, SIEM, vulnerability management, DLP tools).
• Working knowledge of cloud and SaaS security administration (e.g., Microsoft 365, Azure, GCP, AWS).
• Knowledge of data communications, network security fundamentals, and identity and access management concepts.
• Security certifications such as CompTIA Security , GIAC certifications (GSEC, GCIH), or equivalent preferred.
• Knowledge of security frameworks, standards, and industry best practices preferred.
• Familiarity with scripting languages (e.g., PowerShell, Python) for automation and reporting preferred.
• Experience working in financial services, asset management, or other regulated industries preferred.
• Must be able to evaluate technical problems and determine solutions.
• Must have strong written and verbal communication skills.
• Must be able to follow and apply established security policies, procedures, and standards.
• Must be able to read and understand technical manuals and vendor documentation.
• Must be able to manage multiple technical workstreams independently.
• Must be able to maintain professional and effective working relations with supervisors and co-workers.
• Must be able to work flexible hours, including weekends and evenings.
• Must be able to learn new skills and technologies.