Job Description
What you’ll do:
The Lead Security Engineer is responsible for managing the Security Engineering team, overseeing their work, and engaging with stakeholders outside the immediate group. This role involves promoting Baseline Security Configuration requirements for on-premises applications, cloud services, and SaaS applications. This individual will leverage their expertise in security and technology, along with strong communication and problem-solving skills, to guide the team and effectively collaborate with stakeholders.
How you’ll make an impact:
- Enhance Security Protocols: Develop and implement advanced security measures to protect sensitive financial data, ensuring compliance with industry standards and regulations. This will significantly reduce the risk of data breaches and cyber threats.
- Team Leadership and Development: Mentor and lead a team of security engineers, fostering a culture of continuous improvement and professional growth. By providing guidance and training, they will enhance the team’s overall effectiveness and capability to respond to security incidents.
- Strategic Security Planning: Collaborate with senior management to design and execute a comprehensive security strategy that aligns with the institution’s goals. This proactive approach will help anticipate potential threats and ensure the Bank’s long-term security posture.
What you can expect:
- Provide direction, guidance, instruction, and leadership to members of the Security Engineering team.
- Effectively coach and manage the individual performance of team members, including conducting regular performance reviews and identify/provide professional development opportunities.
- Collaborate with different areas of IT in order to provide security and business technology solutions for the Bank.
- Develop and enforce security policies, standards, and procedures.
- Act as a point of escalation for issues relating to security controls or tools
- Collaborate with second and third line of defense teams to identify, assess and remediate security risks in a timely and effective manner.
- Assess, communicate and provide expert analysis of vulnerability risk
- Effectively lead agile and scrum practices, such as sprint reviews, refinements and standups.
- Plan out work with team utilizing agile frameworks
- Ensure compliance with industry standards and regulatory requirements.
- Stay updated with the latest security technologies, threats, and industry trends.
- Provide technical guidance and support for security-related projects.
- Educate employees on information security best practices.
What you’ll bring:
- 7+ years experience in Cybersecurity as a practioner, with at least 2-3 years exposure with AWS or Microsoft Azure.
- Experience writing documentation ranging from deep technical write-ups to end user guides.
- Experience with leading team through coaching and by example
- Bachelor’s degree or equivalent experience in Computer Science, Information Technology, Cybersecurity, or related field. Relevant security certifications (CISSP, GSEC, CCSP, etc.) are highly desirable
- Strong leadership and team management skills.
- Initiative-taking and self-directed, well-organized, and able to position controls in anticipation of threats.
- Experience with scripting languages such as Python, Ruby, PowerShell, and JavaScript.
- Experience and understanding of various regulatory requirements and laws, including but not limited to: Sarbanes-Oxley Act (SOX), and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: CIS, ISO 27001/2, ITIL or NIST.
- History of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Gives and receives effective feedback across all interactions.
- Ability to address conflict with peers and others in the organization.
- Strong attention to detail and commitment to delivering quality solutions.
- Knowledge of IT security controls and IT infrastructure, especially IAM processes.
- Outstanding communication skills (verbal, written, visualization). This role requires the ability to communicate difficult concepts clearly and the desire to listen to understand.
