Senior Security & Compliance Specialist
New York, NY
Onsite - IT - Security - Contract - Job ID: 24-00593
Title: Security/Compliance Specialist
Location: New York City (On Site)
Duration: 6+ month contract
Interested and qualified candidates should send an updated resume to firstname.lastname@example.org
- Manage risk assessment, scheduling, scoping, and execution of assessments.
- For all IT security control domains, measure compliance with both external requirements (e.g., contractual requirements with business partners; the SWIFT Customer Security Program) and internal policies and standards. Sample domains include: Logical Access Control, Data Protection (e.g., Encryption), Logging and Monitoring, and System Hardening.
- As part of scoping, identify and justify key control attributes for testing.
- Conduct informational walkthroughs to clarify processes and architectures. Swiftly grasp the underlying technology stack and end-to-end service delivery flows.
- Obtain artifacts to support the assessment of security controls and procedures, using a robust "trust but verify" approach. Proactively send and follow up on all requests.
- Present assessment findings and recommendations to management, concluding on the effectiveness and efficiency of control mechanisms.
- Document assessment results and cogent control process narratives in workpapers.
- Advise IT, Segment, and business partners on security-related risks and control weaknesses. For identified security gaps, contribute to performing business impact analyses and determining appropriate remedies that minimize security threats.
- Articulate the elements of effective and sustainable control design to IT and business partners.
- Design and implement continuous control monitoring mechanisms, collaborating with IT, Segment, and business partners to source and interpret data that reflects the current state of the control environment.
- For targeted controls and systems, facilitate the collection of control attestations and questionnaires.
- Manage inventories and tracking of remediation efforts and compensating controls.
- Stay abreast of compliance and assessment trends within the organization, at suppliers, and from legislators and regulatory bodies.
- IT Auditing experience – In this position, you will audit for regulatory compliance and for contractual compliance.
- Test the controls against the requirements; if they are not met, work with the owner of the control and provide oversight on the remediation plan and timeline.
- This person will audit and test all IT security controls.