Job Description Our client, an international global bank located in NYC, is looking for a Cyber Security Information Risk Engineer to be responsible for ensuring that Information Security systems are configured, deployed, and maintained in accordance with the client's polices and standards. Participate in Cyber Security and Risk Management technical research, and development. Perform enhancements of existing security solutions, PoCs of new security solutions, engineering, implementation and detailed documentation of these solutions using industry's best practices and defining project requirements and documents. PLEASE NOTE Candidates must be able to work without Visa transfer. THE DAY TO DAY RESPONSIBILITIES Engineerarchitect cybersecurity solutions and best practices. Subject Matter expert with IAM, Cloud Security, Data Security, Network Security, Encryption, Privileged Access Management, Federation. Developmaintain log analysis solutions and data collection and aggregations, data normalization, and reporting. Reviewanalyze security logs and create Use Cases. Contribute to workflow or process changeredesign. Coordinateperform security audits and vulnerability assessments. Work with internal IT Application, Infrastructure, Network and Support teams. Development of security roadmap and communicate vision to senior management and technical departments. Developmaintain documentation for security system procedures and processes. Develop awareness training for new and existing employees. Testing to evaluate new products for network and system security controls. Create, maintain and execute required Test Case scenarios and Use Cases Develop project presentations for status reporting, negotiations, and decision making appropriate for a range of audiences. Monitor data quality, assist in collection of data for Risk Management Auditors. THE SKILLS YOU NEED TO GET THE JOB 7+ years architecture, implementation and design experience required of global scalable security solutions. Strong expertise with the following technologies and solutions Identity and Access Management Governance Endpoint Detection Response Privileged Access Management Implementation Information Security Risk Assessments of CloudThird-Party vendors Information Security Awareness Training Solutions Next Generation Firewalls Vulnerability Scanning Management Threat Hunting Incident Response Web and Email Security appliances GRC platform experience System vulnerability and Security monitoring tools Application security risk assessment tools Strong skills in the following Enterprise Information Security i.e. Perimeter security, Identity Management Governance, Privileged Account Management, Compliance, Penetration Testing, Encryption, Cloud Security, Incident Response, Vulnerability Management Implementing SANSCIS Top 20, NIST CSF, 800-53, ISO27001 controls. Incident Response using MITRE ATTCK and Cyber Kill Chain frameworks along with Threat modeling. Cloud and third-party risk assessments. Cloud Security - AWSAzure, Incident Response SIEM administration and management - create Use Cases and managing log sources. Packet analysis using wiresharktcpdump. Advanced in process documentation, flow charting, re-engineering. Unix, Linux and Windows Security principles and MS Active Directory PythonBashPowerShell scripting. Gap analysis - in depth understanding of regulatory guidelines, standards and best practices related to CIS Top 20, ISO and NIST CSF frameworks. Certifications - one of the following CISSP, CISM, CCSP, OSCP, GIAC GCIH, GCTIA, GDSA or equivalent. Bachelor's degree in Information Security, Computer Science or related field required DESIRED Experience with ELK stack a plus. Understanding of OWASP Top 10 highly desired.