Cloud Security - Risk Analysis - Lead Associate

Cloud Security - Risk Analysis - Lead Associate

Vacancy expired!

Job Description

• Serve in a Lead role in the implementation of cyber security-related internal governance processes, including issue reporting, issue management, policy/standard review, risk identification, risk assessment, and risk monitoring
• Assess, respond to and escalate risks, potential gaps, and observations associated with ongoing cloud security controls monitoring as appropriate
• Identify risks, potential gaps and observations resulting from security control assessments and testing against cloud security controls as appropriate
• Refine governance processes as needed to achieve desired outcomes
• Demonstrate thought leadership and manage ambiguity by applying a thorough understanding of cyber security and risk management objectives to specific examples to determine desired outcomes
• Collaborate and interface with InfoSec, COO and risk partners to document, track, and manage cloud security vulnerabilities and issues
• Ensure organizational policies, standards and processes for managing and dispositioning risk are enforced
• Contribute to the requirements analysis and design of reports and tools used in security control assessments and ongoing control monitoring

Minimum Required Experiences

• 4 years

Desired Experiences

• Bachelor degree or equivalent

THE IMPACT YOU WILL MAKE
The Cloud Security - Risk Analysis - Lead Associate role will offer you the flexibility to make each day your own, while working alongside people who care so that you can deliver on the following responsibilities:
As a valued colleague on our team, you will provide expert advice on risk monitoring and reviews for the organization, coordinate risk mitigation activities, and provide risk mitigation assistance to other groups.

Qualifications

• One or more security-related industry certifications (Security+, CISSP, CCSP) required
• AWS Associate-level certification or equivalent experience with- and knowledge of the AWS Cloud environment required
• Prior experience in an information security-focused role using the AWS Cloud strongly preferred
• Familiarity with cyber security industry frameworks (FedRAMP, NIST SP 800-53, CIS Benchmarks, other compliance frameworks) required
• Strong working knowledge of NIST 800-53 security and privacy controls preferred
• Experience performing control assessments, identifying control gaps, and assisting management with conducting root cause analysis preferred
• Demonstrated vulnerability and risk management experience and strong knowledge of related best practices / frameworks (e.g., NIST Cybersecurity Framework and Risk Management Framework, COBIT 5, ISO) are a plus
• Strong written and oral communications skills and attention to detail are a must
• Demonstrated ability to work collaboratively with teams across an enterprise is a must
• Certifications and/or experience with Azure and/or Google cloud environments are a plus
• Prior experience creating and/or designing dashboards and reports which demonstrate compliance with internal and external/regulatory requirements is a plus

THE EXPERIENCE YOU BRING TO THE TEAM

• Guide team in monitoring and identifying risks to a group or the organization.
• Lead and coordinate team activities with regard to risks across groups.
• Analyze risks and lead discussions to brainstorm solutions.
• Lead teams and business groups on risk mitigation strategies.
• Implement plans or decisions to avoid risks or mitigate their impact.
• The group of skills related to Communication including communicating in writing or verbally, copywriting, planning and distributing communication, etc.
• Skilled in the graphical representation of information in the form of a charts, diagrams, pictures, and dashboards with programs and tools such as Excel, Tableau, or Power BI
• Skilled in presenting information and/or ideas to an audience in a way that is engaging and easy to understand
• The group of skills related to Operational Excellence including improving and overseeing operations
• The group of skills related to Risk Assessment and Management including evaluating and designing controls, conducting impact assessments, identifying control gaps, remediating risk, etc.
• Skilled in cloud technologies and cloud computing
• The group of skills related to Relationship Management including managing and engaging stakeholders, customers, and vendors, building relationship networks, contracting, etc.
• Adept at managing project plans, resources, and people to ensure successful project completion
• Experience identifying measures, or indicators of system performance, and the actions needed to improve or correct performance to achieve desired outcomes
• The group of skills related to Security including designing and evaluating security systems, identifying security threats, securing computers, assessing vulnerability, etc.
• Determining causes of operating errors and taking corrective action
• Experience in using and maintaining password management software such as Duo, IAG NuID, and/or Ping Identity
• Experience gathering accurate information to explain concepts and answer critical questions
• Experience in the process of analyzing data to identify trends or relationships to inform conclusions about the data
• Expertise in service management concepts for networks and related standards such as ITIL practices or SDLC
• Working with people with different functional expertise respectfully and cooperatively to work toward a common goal
• Experience identifying and determining levels of risk to an organization's networks and systems using cybersecurity techniques and tools such as penetration testing, application security, and intel
• Skilled in documentation and database reporting for the purposes of analysis, data discovery, and decision-making with the use of relevant software such as Crystal Reports, Excel, or SSRS
• Skilled in establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information
• The group of skills related to Governance and Compliance including creating policies, evaluating compliance, conducting internal investigations, developing data governance, etc.
• The group of skills related to Influencing including negotiating, persuading others, facilitating meetings, and resolving conflict
• The group of skills related to Programming including coding, debugging, and using relevant programming languages
• Ability to frame ideas as systems and analyzing the inputs, outputs, and process
• The group of skills related to Product Development including designing products, developing product roadmaps, translating design requirements, prototyping, etc.
• Skilled in Python object-oriented programming
• Experience using SIEM (security information and event management) software
• Experience using RiskWorks
• Skilled in Ping Identity
• Skilled in ServiceNow to manage digital workflows
• Skilled in Active Directory
• Skilled in Excel
• Skilled in using virtualization software such as Microsoft Hyper-V, VMWare vSphere, or Citrix XenDesktop
• Skilled in Amazon Web Services (AWS) offerings, development, and networking platforms
• Experience using APIs for developing or programming software
• Skilled in VPN software and encrypting data
• Skilled in Tableau
• Experience managing Google Duo
• Experience using scheduling software to book events
• Experience using CyberArk
• Skilled in SQL

Additional Information

The future is what you make it to be. Discover compelling opportunities at careers.fanniemae.com.

Fannie Mae is an Equal Opportunity Employer, which means we are committed to fostering a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, religion, national origin, gender, gender identity, sexual orientation, personal appearance, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation in the application process, email us at [emailprotected]