Job Details

Senior Cyber Security & Information Risk Engineer

The Astor Group
New York, New York, United States
This Senior Cyber Security and Information Risk Engineer supports a firm whose front office is a market maker for swaps, including interest rate, currency and commodity swaps and related derivative products, in NYC. It maintains its own middle and back-office functions, including Risk Management, Compliance, Systems, Finance, and Operations. The Senior Cyber Security and Information Risk Engineer will be responsible for ensuring that Information Security systems are configured, deployed, and maintained in accordance with our policies and standards. This position requires participation in technical research and development to enable continuing innovation for Cyber Security and Information Risk management.

Responsibilities

Focuses on hands-on engineering and architecting of cybersecurity solutions and ways to protect the firm from various threat actors. Performs as the subject matter expert in multiple technologies within the security arena (IAM, Cloud Security, Data Security, Network Security, Encryption, Privileged Access Management, Federation, etc.). Establishes a strategic security architecture vision, including standards and frameworks for medium to large enterprises.

Develops and maintains log analysis solutions, including data collection and aggregation, data normalization, and reporting. Reviews and analyzes security logs from a wide variety of sources. Creates use cases to ensure visibility across various log sources for potential incidents. Experience with ELK stack a plus.

Contributes to workflow or process change and redesign, and forms a strong basic understanding of the specific product or process. May also be accountable for regular reporting or process administration as owner. Coordinates and performs security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
Works with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant layers, tests those controls and performs gap analysis to find areas of improvement. Strong understanding of and hands-on implementation experience with SANS/CIS Top 20, NIST CSF, 800-53 and ISO 27001 controls. Strong Incident Response skillset using the MITRE ATT&CK and Cyber Kill Chain frameworks. Able to conduct threat modeling in order to determine major threats facing the firm. Good understanding of Zero Trust principles. Strong Information Security Risk Assessment experience conducting cloud and third-party risk assessments.

Develops and maintains documentation for security systems procedures and processes. Develops security awareness training for new and existing employees. Participates in information security working groups. Performs testing to evaluate new products for network and system security controls. Maintains logging and monitoring standards, technical investigative techniques and reporting. Supports offensive architecture analysis and design of defense-in-depth solutions.

Participates in the development of the security roadmap and communicates the Technology Security vision to senior management and technical departments. Works with and/or leads internal implementation teams and internal business organizations to define, document, and present project requirements. Coordinates with the project team on the implementation, upgrade and maintenance of security solutions. Assists in the coordination of troubleshooting activities to resolve business process issues and the successful transition of implementations from development and testing through production and post-implementation support. Throughout the project lifecycle, tracks and manages project progress against plan schedules, budgets, technical needs, resource requirements, capacity plans and the goals of the business.
Creates, maintains and executes required test case scenarios and use cases to verify requirements. Develops project presentations for status reporting, negotiations, and decision making appropriate for a range of audiences. Mentors junior team members and inspires them to take on challenging tasks within the department. Monitors data quality and assists in the collection of data for Risk Management and internal auditors.

Qualifications

10-12+ years of hands-on architecting, implementation and design experience required, designing globally scalable security solutions. Strong knowledge of enterprise Information Security pillars (Perimeter Security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration Testing, Encryption, Cloud Security, Incident Response, Vulnerability Management). Solid technical hands-on Cyber Security experience with implementation and management of core security solutions.

Deep packet analysis experience required using Wireshark/tcpdump. Cloud security experience required (AWS, Azure), including Incident Response in the cloud. Advanced experience in process documentation, flow charting and re-engineering. Deep understanding of Unix, Linux and Windows security principles and Microsoft Active Directory. Python/Bash/PowerShell scripting required. Understanding of OWASP Top 10 highly desired. Good understanding of Zero Trust principles highly desired. Implementation experience of ELK stack (Elasticsearch, Logstash, Kibana) highly desired.

Excellent communication skills, writing skills, and the ability to work with internal teams. Be a performance-driven team player with an excellent attitude.
Strong expertise with the following technologies and solutions at a minimum:

o Identity and Access Management Governance
o Endpoint Detection and Response
o Privileged Access Management Implementation
o Information Security Risk Assessments of Cloud and third-party vendors
o Information Security Awareness Training Solutions
o Next Generation Firewalls
o Vulnerability Scanning Management
o Threat Hunting Incident Response
o Web and Email Security appliances
o GRC platform experience
o System vulnerability tools
o Security monitoring tools
o Application security risk assessment tools

Performing gap analysis within different environments, coupled with an in-depth understanding of regulatory guidelines as well as standards and best practices related to the CIS Top 20, ISO and NIST CSF frameworks. One of the following certifications is required: CISSP, CISM, CCSP, OSCP, GIAC GCIH, GCTIA, GDSA or equivalent.

Able to follow priorities set by management. Strong ability to deliver on time. Strong ability to deliver quality. Ability to multi-task and work on several projects at the same time. Ability to translate business requirements into technical solutions. Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation. Ability to communicate information security concepts across a broad range of technical and non-technical staff. Strong verbal and written communication skills. Ability to adapt information delivery based on audience. Ability to work in a fast-paced environment. Good influencing, relationship and stakeholder management skills.
