Senior Information Security Auditor (HA-12349719) Manhattan, New York

The Information Security Auditor will join the IT Audit and Compliance team and will be responsible for handling Information Security Audits, ensuring security compliance, and serving as the link between security and the business and clients. This individual will conduct internal business unit risk assessments and vendor/third-party audits. You will also partner with Legal and Compliance on possible regulatory issues and proper use of the client’s product line, which involves working with business units to determine security measures and monitor/follow up on policy violations. Successful candidates will stay current on security and privacy legislation, regulation, and advisories.

Required Skills:

5-7 years of experience within IT/audit/information security in the financial industry.

Experience in information security architecture, technical and business compliance controls assessments

Knowledge of the appropriateness of Segregation of Duties in financial applications and of conducting such reviews.

Identifying and assessing security controls within financial trading systems including front and back office operations

Experience with Business Continuity and Disaster Recovery Planning and Audit.

Excellent written, oral communication and presentation skills

Ability to communicate and interact with senior management in an advisory/consultative manner

Some business travel required to accommodate onsite audits and/or reviews

FISMA, HIPAA, Payment Card Industry Data Security Standard (PCI DSS), GLBA, SOX, etc

Working knowledge and experience in policy and regulatory environment of information security

Virtualization and Cloud technology

Strong project management skills and the ability to work in a fast-paced environment

Ability to work well in a team environment as well as independently


Perform a risk assessment from a technical and business process standpoint based on a gap analysis of the current state of the company’s transactional trading products.   

Organize and lead walkthroughs with technical and business personnel to understand the flow of data

Document the walkthroughs and identify the key technical and business controls.

Assess the key controls identified during the walkthroughs

Document and evaluate automated and manual application controls within the financial applications

Create findings and recommendations based on the controls assessment

Summarize the findings and present the results of the audit to executive management

Education/Certifications/Experience

Bachelor's degree with 5-7 years of work experience or 5 years with advanced degree (MIS, Information Security, or related)

Minimum of 3 years in Information Security Audit/IT Audit/Compliance

Technical: CISSP, CISA or CISM

Financial: FINRA (i.e. Series 7, Series 63 or other) a plus

If you meet the above requirements, please apply to Shelley Leeman at Huxley Associates.