Information Security Lead

A major client of ours, in the financial industry, has a need for an Information Security Lead for their Hauppauge, NY office. This is a permanent position and it is onsite.

Information Security Lead

• Work with IT and Risk Management departments and various business units to plan, coordinate and develop recommendations for all aspects of information security policies and procedures in order to oversee that system monitoring activities of the IT NSOC (Network Security Operations Center), comply with company information security policies.
• Fulfill security monitoring oversight functions in support of company information security program.
• Oversee log and entitlement reviews of critical systems to protect company information assets from internal and external threats.
• Ensure standard operating procedures are maintained within control environment to effectively protect company information
• Oversee regular vulnerability testing/assessment, social engineering testing, and security evaluations are performed to evaluate the effectiveness of existing controls, including periodic penetration testing of critical information systems.
• Use metrics to measure, monitor and report on effectiveness and efficiency of information security controls and compliance with information security policies, in order to support the annual information security risk assessment.
• Assist in development, maintenance, and testing of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate information security risks and related compliance issues.
• Work with business units, Internal Audit, vendors, and other systems professionals to ensure policies and procedures are being complied with and to develop recommendations for improvements, ensure that compliance issues and other variances are resolved in a timely manner, and actively apply innovative solutions to advance companies information security goals.
• Participate and help coordinate the implementation and roll-out of Information Security systems and software within to verify that company systems are in compliance with Information Security Policies.

• 3+ years of related experience
• Bachelor's degree
• Knowledge of financial services regulatory requirements (FFIEC, GLBA, NYSDFS), and industry standards (NIST, ISO 27001/2).
• Hands-on experience with DLP Prevention tools such as enterprise security tools (i.e., SIEM, vulnerability scanners, firewalls)
• Knowledge of banking operations and bank policy and procedure development.
• CISSP (or comparable certification) preferred or expected within one year of hire.
• Hands-on experience with enterprise DLP tools (i.e., Varonis, O365 Defender) a plus.
• Experience with Palo Alto, FortiNet EDR, and Darktrace technologies a plus.
• Proficiency with industry standard information security testing and evaluation techniques. Use of Vulnerability Management and Penetration testing tools, (e.g., Rapid 7, Nessus, NMAP, Kali Linux,) a plus.
• Excellent oral and written communication skills.
• Ability to work outside of normal business hours on occasion.
• Superior knowledge of Microsoft Office and database management software.
• Knowledge of computer programs, databases, and systems used in the banking/financial services sectors.

Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.

Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.