POSITION SUMMARY The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit corporation that was established in 1999 and is funded by its member firms. The FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. The FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs, and fosters collaborations with and among other key sectors and government agencies.
As one of the premier ISAC’s, the FS-ISAC has a history of innovation and delivering valuable products and services to our members to help achieve our mission. To ensure our members are continuously aware and prepared for today’s threats and tomorrow’s challenges, the FS-ISAC is seeking a CONSULTANT, INFORMATION SECURITY to provide information security consulting for the organization.
JOB DESCRIPTION The position of Consultant, Information Security ensures the appropriate operational security posture is maintained for specific information systems; developing and updating system security plans; managing and controlling changes to specific systems and assessing the security impact of those changes; incident handling; and development of information system security documentation, policies, and procedures.
RESPONSIBILITIES • Responsible for assisting the CISO with building security operations, administration of logical and physical access, monitoring of threats against the organization and membership, vulnerability management, intrusion detection/prevention, malware detection/prevention/analysis, data loss prevention, forensics, incident response, key management, and event logging/correlation. • Responsible for assisting the CISO in the management and refinement of the continuity of business/disaster recovery program of the organization working closely with the IT and Business Resiliency to facilitate. • Assist with development of information security policies, processes and procedures in support of the information security office.
DESIRED SKILLS AND EXPERIENCE: • Current certification with CISSP, CISM, GSEC, etc. • Exceptional knowledge of cyber security practices and capabilities. • Knowledgeable of security standards (NIST, COBIT, ISO 27001, etc.) • Security operations experience working in/leading a SOC, Fusion Center, NOC, etc. • Strong working knowledge of global threat landscape from both a physical and cyber perspective. • Ability to manage outsource providers in a MSSP relationship (Vendor Management) to include contract management, SLA management, event resolution, escalations, etc. • Working knowledge/experience in developing cloud security capabilities • 5+ years of experience of developing information security policies and procedures. • 5+ years of use of end point solutions, firewall configuration, and CISecurity baselines. • Knowledgeable in primary risk management philosophies. • Exceptional ability to manage multiple projects and priorities across multiple time zones and countries in a fast-pace and dynamic environment. • Superb interpersonal skills and ability to work with a highly diverse and global staff. • Global work experience & Multi-cultural knowledge a plus.
REQUIRED EXPERIENCE: • Cyber Security, Threat Intelligence, Vulnerability Management, Business Continuity, Security Operations, Security Architecture and Design, Identity & Access Management, Risk Management, Compliance & Audits, Business Enablement: +5years
REQUIRED EDUCATION: • Bachelor's Degree in Computer Science, Business, Engineering, or related field. • Master's degree or equivalent work experience preferred.
LOCATION: • This position will be based in our Reston, VA global headquarters
FLSA: This is a full time exempt position.
Financial services company that provides information to the financial sector relating to cybersecurity and sharing.