Information Security Consultant

OTC Markets Group Inc
New York, NY, US
Full-time

OTC Markets Group, a regulated fintech company, is seeking an Information Security Consultant for a period of 6 months in a full-time capacity.

Applicants for this role should be able to travel to the NYC office whenever required.

Responsibilities :

Policy and Procedure Management : Review, update, and enhance all relevant policies and procedures to ensure the company’s compliance with SEC Regulation SCI and ISO 27001 requirements.

Develop and implement new policies as needed to address emerging security threats and regulatory changes.

Risk Management : Assist with organizing and running external risk assessments, ensure proper documentation of identified risks, develop risk mitigation plans and follow through on their implementation.

Implement continuous monitoring strategies with regular reports to senior management.

Access and Identity Management : Enhance and implement procedures for reviewing access authorizations, especially during personnel transfers and third-party engagements.

Enhance controls around privileged system accounts and administrative access. Conduct regular audits to ensure access controls are effective and compliant.

Incident Response and Business Continuity : Enhance and formalize incident response plans, including regular testing and integration with other organizational plans.

Enhance business continuity and disaster recovery plans, ensuring detailed procedures and roles are defined.

Data Protection and Encryption : Implement data loss prevention controls and encryption protocols. Help improve policies for data classification, retention, and destruction.

Conduct regular audits to ensure data protection measures are effective.

Training and Awareness : Maintain a comprehensive security awareness training program, including insider threat and incident response training.

Update training content to address new threats and compliance requirements.

Vendor and Third-Party Management : Establish and enforce security requirements for third-party vendors. Conduct periodic assessments of vendors and review applicable CUECs (Complementary User Entity Controls).

Governance, Risk, and Compliance (GRC) : Enhance and implement a comprehensive GRC framework that integrates governance, risk management, and compliance activities across the organization.

Ensure alignment with industry standards and regulatory requirements and facilitate regular GRC audits and assessments to identify and mitigate potential gaps.

Security Operations : Assist with maintaining the firm’s security tools and daily processes such as security reviews, application approvals, and change management approvals.

Ensure security operations are aligned with organizational goals and regulatory requirements.

Security Monitoring and Incident Detection : Help manage security information and event management (SIEM) systems to monitor network and system activities for signs of security breaches.

Ensure timely detection and response to potential security incidents.

Threat Intelligence and Vulnerability Management : Continuously gather and analyze threat intelligence to stay ahead of emerging threats.

Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses.

Security Incident Response : Assist with the response to security incidents, including investigation, containment, eradication, and recovery.

Maintain detailed incident logs and conduct post-incident reviews to improve response processes.

Security Metrics and Reporting : Enhance and maintain security metrics to measure the effectiveness of security operations.

Provide regular reports to senior management on security posture, incident trends, and areas for improvement. Use metrics to drive continuous improvement in security practices.

Requirements :

  • Bachelor's degree in Information Security, Cybersecurity, or a related field. Advanced degree preferred.
  • Relevant certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer are highly desirable.
  • At least 5 years of experience in cybersecurity, information security, information technology, engineering, risk management, compliance or a related field, preferably within the financial services industry.
  • Demonstrated experience with regulatory compliance such as SEC Regulation SCI requirements.
  • Proficiency with ISO 27001 standard, CIS Benchmarks, risk assessment methodologies, and implementation of security controls.
  • Proven successful track record of developing, documenting, and implementing security policies and procedures.
  • Excellent risk assessment and management skills.
  • Strong knowledge of access and identity management best practices.
  • Experience in incident response, business continuity planning, capacity planning and stress testing.
  • Demonstrated expertise in managing third-party vendor relationships, including conducting security assessments.
  • Familiarity with data protection and encryption technologies.
  • Excellent communication skills, with the ability to present complex security issues to senior management and stakeholders.
  • Excellent analytical skills with the ability to identify security gaps and develop effective remediation plans.
  • High level of attention to detail in documenting and implementing security policies and procedures.

The compensation for this position is anticipated between $130-170 / hr.

30+ days ago