Information Security Analyst

Location: Morristown, NJ / New York, NY / Pittsburgh, PA
Division/Department: ACA Risk

ACA Compliance Group (“ACA”) is a leading provider of regulatory compliance products and solutions, cybersecurity and risk assessments, performance services, and technology solutions to regional, national, and global firms in the financial services industry. With offices worldwide, ACA clients include leading investment advisers, private fund managers, commodity trading advisors, investment companies, and broker-dealers.

Position Objective:

The individual will be primarily responsible for supporting the vendor management programs of clients and assisting with the completion of cybersecurity assessment-related tasks. The individual in this position is also responsible for supporting senior colleagues with information security risk assessments, reporting, and related client activities.

Summary of Responsibilities:

• Under supervision, assist with conducting technical reviews of IT systems and audit security controls

• Analyze responses and submitted IT audit and related documentation, and align responses to various risk frameworks (COBIT, NIST, SANS)

• Identify control gaps, vulnerabilities, exploits, and patches to generate issue lists and mitigation recommendations

• Develop Visio diagrams for data flow, process mapping and related documents

• Facilitate vendor due diligence workflow, including initiation, follow-ups, and completion of questionnaires

• Execute ongoing testing, gap analysis of information security-related policies, practices, and procedures, as well as perform tasks related to monitoring a vendor’s IT infrastructure according to established guidelines

• Generate initial draft of vendor risk baseline report

• Assist with vendor on-site reviews and draft reports documenting the on-site findings

• Document and generate comparison matrices between IT/cyber vendors and services

• Coordinate vendor product demos

• Assist with the research, review, development and/or enhancement of client-facing information security policies and technical risk documentation, as well as white paper content and/or training programs

• Assist with creating content for cybersecurity and IT-risk related email alerts

• Assist with the design and production of phishing campaign email templates

• Assist with content generation for division webinars, in-person sales, training, and marketing technical presentations

Qualifications: 

Summary of Minimum Qualifications and Knowledge Requirements:

• Associate degree in information technology, computer science, information security and assurance, or similar program; relevant certification (ISC(2), SANS GSEC/GICSP or CompTIA Security+/A+/Network+); or equivalent combination of education, training, and experience preferred

• At least one year of practical experience in the areas of information security

• Knowledge in network architecture and security controls as well as current and emerging information security threats

• Ability to identify information security risks to the confidentiality, integrity and availability of information systems and client data

• Familiarity with compliance regulations and security frameworks (SOX, PCI, GLBA, COBIT, FINRA, ISO, NIST)

• Experience with risk and threat assessment, control auditing, vulnerability analysis, information gathering, correlating and reporting

• Experience with information technology systems: Windows Server 2003/2008, Windows 7/8/10, Mac OS, Active Directory, LINUX/AIX/UNIX, TCP/IP, LAN/WAN, VPN, NAC

• Knowledge of operation risk assessment methodology, mitigation development, monitoring and reporting

• Technical knowledge and experience in network architecture, design, and configuration as well as network routing, firewalls, intrusion detection systems, VPN, internet filtering, anti-virus technology, application security, secure email gateways, and PCI and GLBA compliant environments

• Familiarity with compliance regulation, tools, and technology vendors used in the investment banking space preferred

• Ability to discuss complex technical issues

• Demonstrated professional integrity

• Dependable, flexible, and adaptable to new ACA initiatives and changing client needs

• Ability to work well in a fast-paced, small-team environment

• Ability to work independently, multi-task and prioritize effectively

• Ability to establish and maintain effective working relationships with colleagues and clients

• Highly motivated and goal oriented; proactive in one’s own education and career progression; volunteers for and shows initiative on both internal and external projects and tasks

• Dedicated to upholding ACA’s high quality standards and customer service focus

• Strong organizational and problem-solving skills with attention to detail

• Strong oral and written communication skills

• Proficient with Microsoft Office applications, Adobe Acrobat, Visio and the Internet

• Willing to travel - up to 20 percent

• Available for client work and/or travel Monday through Friday on a general basis, including occasional nights and weekends

Compensation and Benefits: 

Compensation:

Compensation, which will be competitive and commensurate with experience, will include a base salary and may include a discretionary bonus.  ACA offers a comprehensive benefits package.

Application: 

Interested candidates should apply to the ACA ADP Workforce Now Career Page

ACA is an equal opportunity employer and does not unlawfully discriminate against current or prospective employees on the basis of race, color, religion, sex, age, national origin, pregnancy, familial status, marital status, sexual orientation, gender identity, disability, veteran status, citizenship, ancestry, genetic information, or any other characteristics prohibited by law.