Lead Security Engineer
About us @Symphony
We’ve spent the last 10 years building the financial markets largest, most trusted communication network. Over 500 market participants across the buy-side, sell-side, securities servicing, and beyond. Over half a million users from trading desks to operations and custody teams interacting securely and in real-time on Symphony.
But that was only chapter one. We’re now using our technology foundation to accelerate far beyond secure collaboration to become the standard connective layer that enables more efficient and automated workflows across the industry to bring the future to financial markets.
The opportunity and our ambition are huge. But we need passionate, dedicated individuals to get there. At Symphony we work hard and fast. Our unique blend of technology and financial services makes it an environment you won't get elsewhere.
Role Description:
As a Lead Security Engineer, this resource will be responsible for assessing information risks, identifying opportunities for reducing risk, and facilitating remediation of identified vulnerabilities within organization’s network, systems, and applications.
Reports on findings and recommendations for corrective action. Perform regular Risk and Vulnerability Assessments utilizing various IT Security Tools and Methodologies and reports on findings and recommendations for corrective action. Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation of risk scenarios.
Facilitate and monitor performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintain oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides regular status reports, including metrics and outstanding issues. Assist in all internal and external audits, and regulatory examinations.
Responsibilities:
- Provides oversight and governance of the organization’s Information Security/Cyber Security Program and communicates progress and issues to the Sr. Management;
- Initiates and develops innovative concepts to solve complex challenges with little or no precedent; creates new opportunities to enable the use of new solutions. Serves as a consultant to disseminate specialist information security knowledge and provide conceptual guidance to other senior and high-level technical experts.
- Develop an externally focused view of the evolving threats facing organization.
- Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
- Primary contact for all internal and external audits, and regulatory examinations.
- Primary contact for customer due diligence and risk assessment inquiries.
- Serve as project manager/lead of risk/compliance related security projects.
- Examine systems and procedures to identify potential adverse events, including but not limited to hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
- Identify and manage risks which might occur;
Required Qualifications:
- 7+ years working in IT Risk Management
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Required: deep knowledge of well-known standards and frameworks (e.g. ISO 27002, NIST Cybersecurity Framework, COBIT, COSO, GDPR). Additionally, knowledge of rules and regulations related to information/cybersecurity (e.g. DFS, FRB, and FFIEC etc.)
- Required: 7+ years’ experience in conducting IT Compliance Assessments (e.g. DFS, FFIEC, ISO, SOC)
- Required: 7+ years’ experience in administering IT Security Controls in an organization
- Required: 7+ years’ experience in performing security reviews and risk assessments
- Understanding of malware, emerging threats, attacks, and vulnerability management
- Experience assisting the development and maintenance of tools, procedure, and documentation
- Prior experience working within a financial service organization preferred.
Compensation:
- Competitive salary
- Bonus Plan
- Benefits and Perks vary based on location.
Benefits and Perks:
- Regional specific competitive benefits
- Build your own Benefits (BYOB) perk
- Many other fun and exciting benefits and activities!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Symphony reserves the right of ownership for all unsolicited resumes submitted for this requisition and is not responsible for any fees associated with unsolicited resumes.