Sr Analyst, Technology Risk and Assurance

at Raymond James Financial, Inc. in Memphis, Tennessee, United States

Job Description

Description

Job Summary:

Coordinates audits, penetration tests, and vulnerability scans of PCI and SWIFT environments. Identifies and leads initiatives to resolve gaps in control environment. Validates and documents remediation of all identified audit findings and identified vulnerabilities through either manual validation, vendor retests, or obtaining evidence necessary to document any identified false positives. Is able to make judgements and recommendations based on the analysis and interpretation of data.

Essential Duties and Responsibilities:

  • Seeks understanding of risks and procedures sufficient to understand the reasons for tasks being performed.
  • Serves as a senior information risk and control advisor, participating in IT processes and activities (e.g., planning, systems development, and product selection).
  • Advises process owners on design and implementation of IT controls (manual and automated) into processes and systems using knowledge of risks and company objectives.
  • Identifies, implements, and maintains processes and tools to support assurance, compliance, and remediation tracking activities (e.g., testing, maintenance of controls documentation).
  • Manages, influences, and negotiates with senior stakeholders and external vendors.
  • Acts as the primary intermediary between external auditors and internal support teams required to execute each audit. Coordinates the fulfillment of all evidence requests and schedules all interviews necessary.
  • Escalates potential audit findings identified during audits to management as appropriate for remediation prior to audit closure.
  • Conducts gap analysis between current control environment and updated PCI-DSS and SWIFT control frameworks as they are published.
  • Leads initiatives in a cross functional setting to close any identified gaps and maintain a continued state of compliance.
  • Coordinates the implementation of any process improvements noted during audits to ensure they are not noted as findings in subsequent audits.
  • Plans and coordinates penetration tests as required to comply with PCI-DSS and SWIFT Customer Security Controls Framework. Includes scoping engagements, ensuring vendors meet all requirements outlined in statements of work, and deconflicting with internal threat response teams.
  • Executes quarterly vulnerability scans per PCI requirements outlined in the PCI-DSS and PCI Authorized Security Vendor Program Guide.
  • Creates tickets for all validated vulnerabilities identified during penetration tests and vulnerability scans for tracking in the enterprise system. Assigns ownership for remediation and ensures action is taken within established SLOs.
  • Validates remediation of all identified vulnerabilities prior to ticket closure through either manual validation, vendor retests, or obtaining evidence necessary to document any identified false positives.
  • Performs other duties and responsibilities as assigned.

Qualifications

Education/Previous Experience:

  • Minimum of a Bachelor’s degree in Computer Science, Cybersecurity, MIS or related degree and five (5) years of relevant experience working with PCI-DSS, SWIFT, ISO 27001, CIS, or other control frameworks.
  • Ability to manage multiple ongoing initiatives necessary to maintain control environments.
  • Must have strong analytical skills with the ability to map enterprise policies, standards, and procedures to multiple control frameworks.
  • Experience within a highly regulated environment like Financial Services preferred.
  • Background in audit, SOX compliance, and understanding of security controls based on ISO and NIST standards.

Licenses/Certifications:

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), PCI QSA, or other comparable industry leading certification.

Job: Technology

Primary Location: US-FL-St. Petersburg-Saint Petersburg

Other Locations: US-MI-Southfield-Southfield, US-TN-Memphis-Memphis, US-CO-Denver-Denver

Organization: Technology

Schedule: Full-time

Job Shift: Day Job

Travel: No

Req ID: 2102250

Raymond James Bank is an EOE/AA and VEVRAA Federal Contractor

Priority will be given to protected veterans

EOE Protected Veterans/Disability

Job Posting: JC190550603

Posted On: Aug 21, 2021

Updated On: Oct 20, 2021