
Director of Information Security

Rockville, MD 20850

CAT (Consolidated Audit Trail) is a comprehensive system allowing regulators to efficiently and accurately track all activity throughout the U.S. markets in National Market System (NMS) securities. CAT is one of the largest data repositories globally, containing a complete record of all equities and options traded in the US and customer and account information for all US-based investors. The Director of Information Security is responsible for managing cyber and information security of the CAT system. This includes managing compliance with security-related regulatory and contractual requirements, ensuring that security controls are well designed and effectively implemented, and creating and enforcing policies, standards, and procedures that ensure the security of CAT and the sensitive data maintained within. The Director of Information Security reports to the FINRA CAT CISO.

The successful candidate will be responsible for, and will exhibit knowledge and experience with:

  • Driving the selection, implementation, and operation of the security controls needed to achieve confidentiality, integrity, and availability goals at all layers of the technology stack, including specific experience securing systems built on AWS.
  • Managing and driving implementation of security controls and resolution of security defects in an agile, DevOps environment across multiple independent project development and operations teams.
  • Ensuring compliance with applicable security laws, rules, regulations, contract provisions, policies, standards, procedures, and guidelines, including the NIST SP 800 series, and ensuring that security controls are implemented and operated consistent with these compliance objectives.
  • Monitoring security controls continuously across all system layers and effectively addressing alerts and discrepancies. Defining indicators of compromise and responding to potential and confirmed security incidents. Ensuring that security controls and processes operate as intended and in compliance with established policies and standards, and identifying and responding to security anomalies, including misuse or abuse of access to sensitive data.
  • Identifying, tracking, and managing security risks at all system and organization layers, and driving their timely resolution, in accordance with established risk management policy.
  • Evaluating, recommending, managing, and monitoring third parties to ensure security risks arising from third party dependencies are well managed.
  • Monitoring the evolution of industry best practices related to cyber and information security and making compelling recommendations for security enhancements.
  • Other duties and obligations as assigned by the CISO.

Education/Experience Requirements:

  • Advanced working knowledge of cyber and information security standards, frameworks, technologies, control strategies, and compliance practices, with special emphasis on control strategies applicable to AWS-based architectures.
  • Direct practical experience specifying, configuring, and monitoring technical security controls for a variety of AWS services, such as S3, EC2, EMR, RDS, and Lambda. Candidate should have thorough knowledge of and experience with applying AWS security best practices, the security features available in AWS services, and third-party security controls that can be effectively employed in the AWS ecosystem.
  • Direct practical experience with secure SDLC controls and processes, including threat modelling, security requirements specification, static code analysis, and software vulnerability testing. Experience should include defining software security requirements and corresponding test criteria.
  • Threat hunting experience, including experience with SIEM tools such as Splunk and with behavioral analytics.
  • Knowledge of and experience working with the government and industry security standards frameworks commonly used in the financial services industry, especially the NIST SP 800 series.
  • Demonstrated success managing projects that depend on a complex set of stakeholders.
  • Strong verbal and written communication skills.
  • Excellent judgment and interpersonal skills.

Required Experience

  • 10+ years of cyber and information security experience with preference for financial services industry experience.
  • Significant experience defining and implementing security controls for AWS-based systems.

Required Education / Certifications

  • Bachelor's degree in a related discipline
  • (ISC)² Certified Information Systems Security Professional (CISSP) certification (or commitment to obtain it within 6 months)

Working Conditions:

Normal office environment located in Rockville, Maryland. Work outside of business hours and some travel may be required.

To be considered for this position, please submit a cover letter and resume. A writing sample may be required as part of the submission.

The information provided above has been designed to indicate the general nature and level of work of the position. It is not a comprehensive inventory of all duties, responsibilities and qualifications required.

Please note: If the Apply Now button on a job board posting does not take you directly to the FINRA Careers site, enter www.finra.org/careers into your browser to reach our site directly.

FINRA strives to make our career site accessible to all users. If you need a disability-related accommodation for completing the application process, please contact FINRA's accommodation help line at 240.386.4865. Please note that this number is exclusively for inquiries regarding application accommodations.

In addition to a competitive salary, comprehensive health and welfare benefits, and incentive compensation, FINRA offers immediate participation and vesting in a 401(k) plan with company match. You will also be eligible for participation in an additional FINRA-funded retirement contribution, our tuition reimbursement program and many other benefits. If you would like to contribute to our important mission and work collegially in a professional organization that values intelligence, integrity and initiative, consider a career with FINRA.

Important Information

FINRA's Code of Conduct imposes restrictions on employees' investments and requires financial disclosures that are uniquely related to our role as a securities regulator. FINRA employees are required to disclose to FINRA all brokerage accounts that they maintain, and those in which they control trading or have a financial interest (including any trust account of which they are a trustee or beneficiary and all accounts of a spouse, domestic partner or minor child who lives with the employee), and to authorize their broker-dealers to provide FINRA with duplicate statements for all of those accounts. All of those accounts are subject to the Code's investment and securities account restrictions, and new employees must comply with those investment restrictions, including disposing of any security issued by a company on FINRA's Prohibited Company List or obtaining a written waiver from their Executive Vice President, by the date they begin employment with FINRA. Employees may only maintain securities accounts that must be disclosed to FINRA at one or more securities firms that provide an electronic feed (e-feed) of data to FINRA, and must move securities accounts from other securities firms to a firm that provides an e-feed within three months of beginning employment.

As standard practice, employees must also execute FINRA's Employee Confidentiality and Invention Assignment Agreement without qualification or modification and comply with the company's policy on nepotism.

Search Firm Representatives

Please be advised that FINRA is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, a valid written agreement and task order must be in place before any resumes are submitted to FINRA. All resumes submitted by search firms to any employee at FINRA without a valid written agreement and task order in place will be deemed the sole property of FINRA and no fee will be paid in the event that person is hired by FINRA.

FINRA is an Equal Opportunity and Affirmative Action Employer

All qualified applicants will receive consideration for employment without regard to age, citizenship status, color, disability, marital status, national origin, race, religion, sex, sexual orientation, gender identity, veteran status or any other classification protected by federal, state or local laws as appropriate, or upon the protected status of the person's relatives, friends or associates.

FINRA abides by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

FINRA abides by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans.

© 2019 FINRA. All rights reserved. FINRA is a registered trademark of the Financial Industry Regulatory Authority, Inc.

Posted: 2020-01-08 Expires: 2020-02-06