My client is a pioneer in the electronic trading industry and is located in New York. I have highlighted the thumbnail sketch , but included a thorough description as well. The salary ranges from 80k - 130k Policy and Control Analyst, Information Risk Management (Security specialist #1404) Description: Reporting directly to the Global Head of Information Risk Management, the position will be responsible for providing strategy on control frameworks and policy throughout The client's Information Risk Management life-cycle. The position will required extensive experience in executing policy-based security programs and implementing information security control frameworks based on international standards, such as ISO17799 (BS7799), or NIST 800-12/14/18, in the Financial Services Industry, but preferably in the Capital Markets industry. The position also requires strong problem solving and communications skills, with the ability to work with a wide variety of people in different areas of competency. This is a significant role, with considerable responsibility and exposure to senior levels within the firm and the candidate will be required to represent the department in a variety of roles. Duties will include: 1. Working with the head of Information Risk Management, experts within Global Risk Management, and beyond, to research, develop and synthesize a definitive information risk management and mitigation strategy for The client; 2. Developing policies and policy frameworks that will form the foundation of The client's Information Risk Management Program; 3. Evaluating, amending and augmenting current information security policies, guidelines and procedures to meet The client's overall risk management requirements; 4. Working with our legal department to develop an understanding of the relevant state, federal and international laws (including EU laws) and co-develop an effective legal strategy for the Information Risk Management program; 5. Working with our Compliance department to analyze regulations for information security implications; 6. Researching current and emerging security management standards, frameworks and best practices, for inclusion into The client's existing framework; 7. Working with our business units and sales divisions to determine customer expectations for information security; 8. Facilitating information risk assessments of new and existing applications and systems; 9. Acting as an IRM representative for incident management; 10. Conducting assessments and evaluations of security management procedures and practices. Skills: The successful candidate will be experienced not only in information security, but also in general information systems control frameworks. An understanding of ISO17799 or equivalent standards is a requirement for this position. An understanding of Internet security issues is expected, as is familiarity with security issues in UNIX-based n-tier client-server environments. Experience in information security management and administration, information systems audit and control and risk assessment is desirable, as is familiarity with laws governing computer misuse, intellectual property and electronic espionage. An understanding of EU Data Protection laws, safe harbor principles and OECD data protection frameworks is particularly sought after. Experience: Experience of information security management within n-tier client server, Internet and e-commerce environments is required, preferably within the Capital Markets industry sector. Education: The successful candidate will most likely have an Information Systems degree or equivalent education/experience. A recognized certification, such as CISSP or CISA would be beneficial. Thank You , James Whittle Digital Market Research Inc 2 Penn Plaza Suite 1500 New York, New York 10121 (212) 292-4990 Phone (212) 292-4992 Fax (732) 618-0595 Cell jwhittleat_private
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 15:22:30 PDT