Senior Security Assurance Specialist - Menlo Park - E*Trade

There are two openings for a Senior Security Assurance Specialist in our Menlo Park office:
https://www.etradecareers.com/job/6004819/senior-security-specialist-security-assurance-menlo-park-ca/
https://www.etradecareers.com/job/6054494/senior-security-specialist-security-assurance-menlo-park-ca/

THE COMPANY

E*TRADE is a leading financial services company and a pioneer in the online brokerage industry. Having executed the first-ever electronic trade by an individual investor more than 30 years ago, the company has long been at the forefront of the digital revolution, offering easy-to-use solutions for individual investors and stock participants. Founded on the principle of innovation and determined to level the playing field for individual investors, E*TRADE delivers digital platforms, tools, and professional assistance to help investors and traders meet their near- and long-term investing goals. The Company provides these services both online and through its network of customer service representatives and financial consultants – over the phone at two national branches and in person at 30 E*TRADE branches.

SUMMARY

The Sr. Security Assurance Specialist will help shape and support the Information Security Risk Management program within the Security Assurance group in E*TRADE Corporate Security. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Sr. Security Assurance Specialist will identify, classify, and document control breaks in the E*TRADE computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting on the information security posture of the organization.

RESPONSIBILITIES

  • Lead application security and control assessments and leverage expertise, industry best practice, and corporate policies and standards to evaluate security and control effectiveness
  • Effectively report and communicate results and appropriate corrective action to varying levels of management
  • Initiate Risk Acceptance Forms for policy or control deviations and identify mitigating controls.
  • Use GRC and desktop tools to conduct risk assessments and support various activities, initiatives, and projects.
  • Research industry trends, identify ongoing security and control requirements, and analyze security risk management tools for continuous improvement
  • Contribute to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge.
  • Refine process documentation to align with Regulatory requirements and best practices as noted through organizations such as BITS SIG, ISO, NIST, CSA CCM, and COBIT.
  • Provide reporting and metrics that ensure the quality of the program’s services meets business objectives

REQUIREMENTS

  • BS/BA degree or an equivalent combination of education and experience required.
  • 5 years of experience in an Information Security position or IT Audit role with a background in performing security risk assessments.
  • Training in Risk Management or IT Audit Methodology strongly desired.
  • Knowledge of ISO 27000 frameworks, BITS SIG, NIST, or COBIT/SOX IT control testing.
  • Knowledge of security and IT general controls for application development and management
  • Working knowledge of Agiliance RiskVision, Archer or other commercial GRC software
  • High level of professionalism, self-motivation and a strong sense of urgency.
  • Excellent organizational, collaborative, written, presentation and verbal skills.