Senior Director, Technical Information Security Officer
- 51 Mercedes Way, Edgewood, NY
Broadridge, a global fintech leader with over $9 billion in market capitalization, provides communications, technology, data and analytics solutions. We help drive business transformation for our clients with solutions for enriching client-engagement, navigating risk, optimizing efficiency and generating revenue growth.
Broadridge employs approximately 10,000 full-time associates globally with a significant presence in North America, Europe, and Asia. Please visit our website at www.broadridge.com to learn more.
Broadridge is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law. See the "EEO is the Law" poster for details.
"Our Associates Matter.
Everyone Benefits from Diversity & Inclusion.
Diverse & Inclusive Teams Drive Growth."
Broadridge is hiring a Technical Information Security Officer in our Long Island, NY location. This is an individual contributor role in which you will manage compliance with corporate information and data security policies for the Investor Communication Solutions business unit.
Are you a self-starter and passionate about joining a talented and diverse team? Are you looking for a growing and dynamic firm where you can make an immediate impact? If so, we encourage you to read below.
Responsibilities:
- You will provide oversight and review for operational risk and application vulnerabilities and propose recommendations for mitigation through the utilization of appropriate information security controls.
- You will also ensure that the business unit complies with all mandated security standards and provide security-related risk assessments and gap analysis.
- Responsible for executing information security (IS) risk assessments for applications and infrastructure products, providing feedback on relevant IS documentation, and assisting with Software Development Life Cycle integration.
- Deliver security awareness and train associates on technical information security practices (e.g. "train the trainer", training of developers).
- You will provide weekly / monthly reporting of open vulnerabilities to Business, IT Dev, Tech Services, and the SSO team, with emphasis on driving timely remediation.
- Address security architecture questions from a security design standpoint and provide guidance on security risk remediation as well as user and system access.
- Will be the point of contact for IT risk assessments and audits (internal, client, third-party audits, etc.). Assist in establishing and implementing control frameworks (e.g. ISO, GDPR, NIST, SSAE, HIPAA, PCI), capturing evidence, and reporting the state of information security within the business.
- Act as a liaison between the Information Security Governance, Risk and Compliance organization and their respective IT/business unit
- Assist in collecting metrics of security initiatives in the respective IT/business areas
- Coordinate with the IT Development group on the annual Application Inventory update in Archer.
- Assist in closing Critical, High and Medium WhiteHat and Executive Summary Scan vulnerabilities with the IT Dev group.
- Set up new applications for comprehensive security assessments including CheckMarx scanning and third party scanning.
- You have a Bachelor's degree in Computer Science with a minimum 10 years' experience with either Big 4 Consulting Firm or in a Corporate Information Security function
- Experience developing and communicating security vision, strategy, standards, and roadmap.
- Must have sound knowledge in application security weaknesses and vulnerabilities, remediation and mitigation techniques, and secure coding practices
- Prior work experience with application security tools such as Checkmarx, Fortify, HP WebInspect, web proxies, and at least one SAST and one DAST tool.
- Familiarity with SDLC (Waterfall and Agile), DevOps, Cloud Security and Enterprise Architecture models as they pertain to security.
- Comprehensive knowledge of at least two programming languages -- ASP, .NET, Java, C# etc.
- Strong understanding of OWASP (Open Web Application Security Project) Testing methodologies
- Analysis of scan results and vulnerability triage
- Conduct manual code reviews and provide vulnerability analysis (manual secure code review experience is must)
- Practical knowledge across multiple security domains, such as identity and access management (IAM), log correlation tools, DLP, public-key encryption, secure network and system architecture, and threat & vulnerability management.
- Ability to quickly and succinctly review technical solution documentation and provide solution maturity recommendations from a security standpoint.
- Work with development teams to review findings and provide code level remediation advice (if required)
- Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, etc.).
- Desired: one or more of the following certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP).
All your information will be kept confidential according to EEO guidelines.