Fulltime Information Security Analyst openings in Chicago, United States on September 02, 2022

Lead Information Security Analyst at Wells Fargo

Location: Chicago

About This Role

Wells Fargo is seeking a Lead Information Security Analyst with experience in maturing, transforming, and driving program initiatives for our organization’s security monitoring, application and software development, incident response, threat hunting, and other cyber security initiatives. The candidate will support large-scale enterprise technical projects with high visibility and will help automate activities between teams. This position will also be enlisted at times to assist incident responders to determine the risk and impact of a security threat, and possible mitigation strategies. A key component of this position will be to provide crucial metrics associated with our ability to discover and react to security threats, develop reports for senior leadership, and participate in strategic planning. The role will assist in all regulatory / compliance matters, support the team’s internal audit, engagement with first and second line of defense, assist in documenting validation, providing evidence for closure and assist in any questions or outstanding tasks for closure of any risk items. This position will also help track technology Audits and Corrective Actions to determine efficiencies across technology implementations from monitoring. Supports acquisitions including coordination with third party risk, vendor management, and supply chain. Partners with vendor management and supply chain to issue and evaluate RFPs and to ensure successful implementation of enterprise agreements and acts as focal point for coordinating sourcing efforts across business entities. This role will also interface with internal teams within Information Cyber Security and develop tactical and strategic plans and processes to integrate research and data collected into actionable activities and reports.

In This Role, You Will
• Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
• Direct information security risk assessment and research, and recommend remediation plans and strategies
• Influence stakeholders on net new or on material changes to an asset to influence control decisions
• Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
• Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
• Consult the organization on complex security issues and findings
• Manage the most complex and critical information assets
• Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
• Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness
• Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
• Lead projects and teams
• Coordinate with vendor manager on third party assets to manage information security risks
• Serve as a mentor to less experienced staff
Required Qualifications, US:
• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 2+ years of technical project coordinator experience
• 2 + years of experience in one or a combination of the following: strategic planning, initiative management or project management
Desired Qualifications:
• Knowledge and understanding of customer information systems development and implementation
• Knowledge and understanding of full life cycle software and application development
• Ability to manage projects or programs following a Standard Software Development Lifecycle (SDLC) approach, with scheduled release code deployments
• Vendor management experience
• Knowledge and understanding of banking or financial services industry
• Experience monitoring industry, technology, and regulatory trends to determine business impacts
• Relationship management experience delivering technology services between one or more internal technology organizations large internal lines of business
• Proven success in participating in multi-disciplinary teams with direct or matrixed management responsibilities to design and develop multi-channel threat mitigation strategies to including modeling/analysis, data analytics and visualization
• Ability to provide subject matter expertise on actual or perceived events as well as emerging technologies and tools and other line of business leaders
• Proven success in utilizing multiple methodologies to monitor key indicators for emerging threat trends.
• Proven success in participating in multi-disciplinary teams with direct or matrixed management responsibilities
• Ability to deal with ambiguity and drive decisions often based on limited information
• Industry recognized cyber security certifications such as SANS
Job Expectations:
• Ability to travel up to 10% of the time
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Reference Number

R-206200-4
Apply Here
For Remote Lead Information Security Analyst roles, visit Remote Lead Information Security Analyst Roles

********

Staff Information Security Analyst at Fortinet

Location: Chicago

Job Description

Fortinet is looking for an Information Security Analyst to join a global Security Operations Center (SOC). This is a highly technical role, monitoring security events, identifying threats, assessing risks, providing incidence response, and working with leaders across Fortinet offices in the region to continue maturing Fortinet security posture and compliance. Fortinet SOC operates based on a follow the sun approach 24*7*365. Working hours for this position includes 5 days/40 hours per week, including Saturdays and Sundays and 3 weekdays of the candidate choice.

Job Responsibilities

Description for Internal Candidates
• As a member of the Global Security Operations team, you will monitor logs, review alerts and investigate events and security incidents leveraging SIEM, SOAR and other tools
• Develop SOC processes and playbooks, and implement alerts, reports and dashboards to identify threats and incidents.
• Collect, review, and analyze security logs, identify abnormalities and violations.
• Coach and assist system administrators, product and application developers and users to ensure that appropriate controls are implemented and operating effectively in accordance with policies.
• Ensure compliance to required standards, procedures, guidelines and processes.

Skills And Qualifications
• 3+ years of experience in Information Technology or Information Security role.
• SOC/NOC experience desired. Excellent verbal, written and interpersonal communication skills as well as attention to detail.
• Knowledge of Internet threat landscape and attacker motivations (phishing, malware, APT, DoS, etc.)
• Previous experience in an information systems or network administration role.
• Previous experience of at least one scripting language (e.g. Python, Groovy, Perl, Ruby, Shell scripting, etc.).
• Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, COBIT, etc) and regulatory frameworks (SOX, PCI-DSS 3.2, HIPAA, GDPR, etc.)
• Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS, and penetration test.
• Working knowledge on information technologies including Linux, Windows, VMWare, MySQL, MSSQL, Oracle, etc.
• Working knowledge of network protocols, DNS, and networking devices – routers, VPNs, proxies, firewalls.
• Demonstrate ability to engage and collaborate with employees, presenting a friendly, approachable demeanor to leverage security to help others succeed.
• Proficient in English verbal and written. Proficiency in regional languages, a plus.

Educational & Certification Requirements
• Bachelor’s degree in Computer Science, Information Security or related field;
• A certification in one or more of the following desirable:
• CISSP, CCSP, CISA, CISM, CRISC, CCNA
• GIAC GCFE, GCFA, GCIH would be a plus

#GD

About Us

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

We are committed to providing reasonable accommodations for all qualified individuals with disabilities. If you require assistance or accommodation due to a disability, please contact us at accommadations@fortinet.com.

Fortinet is an equal opportunity employer. We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.
Apply Here
For Remote Staff Information Security Analyst roles, visit Remote Staff Information Security Analyst Roles

********

System/Data Security Analyst – Global Information Security at 94-1687665 Bank of America, National Association

Location: Chicago

Job Description:

This role will be focused on ensuring the data and process quality of the Access Management Monitoring and Control area is rationalized using supporting data. Streamlining and automating new and existing QA/QC routines, working closely with peer groups, and producing quality metrics are also implied in this role.

A person in this role will be responsible for:
• Maintaining existing QA/QC processes
• Evaluating GIS controls for QA/QC needs
• Creating new QA/QC processes
• Enhancing existing QA/QC processes through automation and streamlining
• Analyzing data for risk indicators and trends
• Creating and publishing information views to peer teams and senior management
• Participating in regulatory and audit inquiries

Skills and Experience required of this position are:
• SQL coding and data normalization in RDBMS platforms (Oracle, MSSQL, MySQL, DB2)
• Tableau or other visualization tool experience is a plus
• Ability to design processes from the ground up and translate those into requirements
• Ability to apply analytical skills in a heterogenous data environment
• Creating testing plans for processes that ensure processes are functioning within acceptable ranges
• Quality Assurance and Quality Control fundamentals
• Phantom/Python experience is a plus
• Cloudera experience is a plus

Enterprise Role Overview:

As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Shift:
1st shift (United States of America)

Hours Per Week:
40
Apply Here
For Remote System/Data Security Analyst – Global Information Security roles, visit Remote System/Data Security Analyst – Global Information Security Roles

********

Sr. Lead Information Security Analyst – File Integrity Monitoring at Wells Fargo

Location: Chicago

At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

About this role:

Wells Fargo Information and Cyber Security (ICS) File Integrity Monitoring is looking for a Sr. Lead Information Security Analyst. Learn more about the career areas and lines of business at wellsfargojobs.com .

Wells Fargo is seeking a Senior Lead Information Security Analyst that will be responsible for leading the design and adoption of File-Integrity Monitoring/Unauthorized Change Detection capabilities within the Information & Cyber Security organization. The individual will engage with teams across Technology to understand the requirements, identifying appropriate tooling, and define a roadmap for adoption. The individual will work to tailor engagement based on needs and measure and report adoption to senior management.

In this role, you will:
• Define a process to on-board ins-cope assets to File Integrity Monitoring/Unauthorized Change detection tool(s).
• Document requirements for asset owners to review and respond to unauthorized change alerts, including appropriate escalation procedures by risk
• Define requirements and work with metrics team to create meaningful metrics that measure the adoption/successful onboarding and alert resolution
• Define procedures for reporting and escalation of non-compliance to onboarding.
• Work with technical engineers to tune detection capabilities.
• Define communications plan to engage with application teams to support understanding of FIM and expectations for unauthorized change detection review.
• Develop roadmap for onboarding applications.
• Provide vision, direction, and expertise to senior leadership on implementing innovative ways to perform unauthorized file detection.
• Ensure impacted teams have the necessary training to be successful
• Serve as an advisor to senior leadership and professionals and managers at different levels of the organization.
Required Qualifications, US:
• 7+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years designing and implementing security controls
Desired Qualifications:
• Certified Information Systems Security Professional (CISSP) certification
• Certified Information Security Manager (CISM) certification
• Prior experience implementing technical controls
• Demonstrated ability to influence key stakeholders
• Familiarity with technology used to perform File-integrity monitoring
• Familiarity with key technology platforms including Windows and Linux Operating Systems
• Clear, concise communicator
• Motivated, self-starter
• Ability to communicate technical concepts to individuals not as technical
• Experience in Financial Services sector preferred
Pay Range

$120,400.00 – $250,000.00 Annual

Benefits
• Information about Wells Fargo’s employee benefits
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Apply Here
For Remote Sr. Lead Information Security Analyst – File Integrity Monitoring roles, visit Remote Sr. Lead Information Security Analyst – File Integrity Monitoring Roles

********

Cyber Security Analyst at Bank of America

Location: Chicago

Cyber Security Analyst (Data at Rest)

Denver, Colorado;Washington, District of Columbia; Chicago, Illinois
Job Description:
This role will be responsible for analyzing and escalating Data at Rest security events within a defined business SLA. The role requires someone who will be proactive in furthering the control’s maturity.

The candidate should possess a high degree of intellectual curiosity and have a strong desire to find and mitigate risks.
Candidate must be willing to enroll in Associate Investment Monitoring due to the nature of the role and access.

Key responsibilities include:
• Daily analysis of Data at Rest alerts accurately within the defined business SLA
• Identify and escalate risk
• Identify process improvement opportunities and possible solutionsQualifications:
• 3-5 years of experience in Information Security and/or related technology field
• Broad knowledge of information security technologies, techniques, and processes
• Python or other development language experience
• Experience identifying threats, vulnerabilities, and exploitations
• Excellent time management/ organization
• Strong communications both written and verbal with the ability to present control topics to a broad audience
• Analytical mindset with aggressive curiosity and critical thinking
• Information Security experience with an understanding of information security concepts/ principles
• Computer/ Cyber networking awareness with an understanding of collaboration spaces
• Strong problem solving with demonstrated proactive correction capabilities
• Understanding of industry leading Data Loss Prevention Technologies
• Self-starter with an ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation
• Ability to conduct ongoing review of existing DLP business rules/ processes, make recommendations for enhancements, and build automation processes to facilitate incident response and incident remediation
• Regex writing- create rulesSharePoint/ SharePoint Online/ OneDrive administration
Job Band:H5Shift:1st shift (United States of America)
Hours Per Week:40
Weekly Schedule:*Referral Bonus Amount:**0

Job Description:This role will be responsible for analyzing and escalating Data at Rest security events within a defined business SLA.
The role requires someone who will be proactive in furthering the control’s maturity.

The candidate should possess a high degree of intellectual curiosity and have a strong desire to find and mitigate risks.
Candidate must be willing to enroll in Associate Investment Monitoring due to the nature of the role and access.

Key responsibilities include:
• Daily analysis of Data at Rest alerts accurately within the defined business SLA
• Identify and escalate risk
• Identify process improvement opportunities and possible solutionsQualifications:
• 3-5 years of experience in Information Security and/or related technology field
• Broad knowledge of information security technologies, techniques, and processes
• Python or other development language experience
• Experience identifying threats, vulnerabilities, and exploitations
• Excellent time management/ organization
• Strong communications both written and verbal with the ability to present control topics to a broad audience
• Analytical mindset with aggressive curiosity and critical thinking
• Information Security experience with an understanding of information security concepts/ principles
• Computer/ Cyber networking awareness with an understanding of collaboration spaces
• Strong problem solving with demonstrated proactive correction capabilities
• Understanding of industry leading Data Loss Prevention Technologies
• Self-starter with an ability to navigate and collaborate effectively within a geographically complex and dispersed global corporation
• Ability to conduct ongoing review of existing DLP business rules/ processes, make recommendations for enhancements, and build automation processes to facilitate incident response and incident remediation
• Regex writing- create rules
SharePoint/ SharePoint Online/ OneDrive administrationShift:1st shift (United States of America)
Hours Per Week:40Learn more about this role
Full timeJR-22080118Band:
H5
Manages People:
No
Travel:
Yes, 5% of the time
Manager:
Talent Acquisition Contact:
Nick Skaric

Referral Bonus:0Colorado pay and benefits informationColorado pay range:$86,700 – $129,900annualized salary, offers to be determined based on experience, education and skill set.Discretionary incentive eligibleThis role is eligible to participate in the annual discretionary plan.

Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.BenefitsThis role is currently benefits eligible .

We provide industry-leading benefits, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity and affirmative action, in accordance with all applicable federal, state, provincial and municipal laws.

The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the “EEO is the Law” poster, CLICK HERE ) .To view the “EEO is the Law” Supplement, CLICK HERE \_EEO\_Supplement\_Final\_JRF\_QA\) .Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse.

Our Drug-Free Workplace and Alcohol Policy (“Policy”) establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
To view Bank of America’s Drug-free workplace and alcohol policy, CLICK HERE .
Apply Here
For Remote Cyber Security Analyst roles, visit Remote Cyber Security Analyst Roles

********

Senior Cyber Security Analyst at James Hardie

Location: Chicago

Sr. Cyber Security Analyst

Hybrid from Chicago or S. CA or Remote possible

James Hardie is the world’s #1 producer and marketer of high-performance fiber cement and fiber gypsum building solutions. We employ a diverse global workforce of over 5,000 employees across operations in North America, Europe, Australia, New Zealand, and the Philippines, and generated more than $2.9 billion in net sales during our 2021 fiscal year. We believe that home is a sanctuary and a canvas for self-expression without compromise.

The Senior Cyber Security Analyst role is part of the Global Cyber Security team and will be responsible for working closely with all global business teams in maturing the Cyber Security program. You will ensure ensure close coordination with technology and business partners in continuous risk remediation efforts and be responsible for the timely reporting on issues and risks to Cyber Security leadership. You will work closely with the Global Cyber Security and IT teams on controls deployment, coverage, and effectiveness. You’ll be conducting research and analysis in support of identifying and understanding cybersecurity risks to James Hardie and deliver solutions to appropriately safeguard data and services across platforms, technologies, services, architectures, and use cases; researching technologies, protocols and standards, practices, products and solutions that will meet corporate security control requirements for the enterprise and its customers and partners; contributing to the development and maintenance of cybersecurity strategy and architecture.

Responsibilities
• Coordinate response actions to identified business risks as a result of internal audits, third party risk assessments, and vulnerability assessments.
• Proactively promote the enhancement of technology-related internal controls awareness and training across IT and business units.
• Create and maintain technical documentation for existing security tools and solutions.
• Ensure continuous improvement of security operations processes and procedures.
• Ensure incident response tabletops are conducted on a regular basis and plans are updated using lesson learned.
• Identify, monitor, and present data points into the IT risk management activities, including daily dashboards, metrics, and reporting.
• Serve as the primary business liaison to existing security services providers.

Education & Experience
• 4+ years of work experience in Incident Response, Threat Intelligence, or Security Operations.
• Extensive knowledge in three or more of the following Security tools: Firewalls and firewall management systems, Web Content Filtering (URL Filtering), Web Application Firewalls, Intrusion Prevention System (IPS), SSL Decryption, Email Security, Endpoint Protection, Threat Management (APT), Vulnerability Scanning & Remediation, Identity Management, Data Loss Prevention, and Security Information and Event Management
• Bachelor’s degree in computer science, Information Systems, Management Information Systems, or Business Administration or another related field. Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
• 4+ years of work experience in Incident Response, Threat Intelligence, or Security Operations.
• Experience developing operational and monitoring processes and documentation is required.
• Hands on experience with any scripting language in existing role, Python is a plus
• Relevant or vendor certifications in the above security tools is preferred.

This job description provides general information about the nature and levels of work, knowledge, skills, abilities, and other essential functions expected of an incumbent. It is not designed to be a comprehensive listing of all duties or responsibilities required of an incumbent. Nothing in this job description restricts management’s right to modify these duties and responsibilities at any time. This job description does not constitute a contract of employment or modify your status as an at-will employee.
Apply Here
For Remote Senior Cyber Security Analyst roles, visit Remote Senior Cyber Security Analyst Roles

********

Network Security Analyst at Koch Industries

Location: Chicago

Description

If you are looking for a technically diverse and dynamic environment where you can apply your cyber security knowledge, our Network Security Analyst role is the right fit for you. The Network and Security Team at Koch Global Services is responsible for the critical operations firewalls, proxies and other critical platforms designed to keep the Koch enterprise network secure. That includes developing and implementing security tools, procedures, and controls.

What You Will Do In Your Role
• Ensure Internet proxy and remote access services are stable and well maintained, including firmware upgrades, policy configuration, and auditing
• Serve as a subject matter expert for Internet proxy and remote access capability and supporting operational issue resolution
• Consult with other teams and internal customers on projects to appropriately leverage tools
• Ensure security best practices are applied
• Drive strategy and innovation that aligns to long-term business objectives
• Apply strong communication, collaboration, and critical/economic thinking skills when working with customers and peer teams
• Become sufficiently knowledgeable in cross-functional tools and services
• Must be willing to carry a company-provided smart phone, have home high-speed Internet capability, and participate in an on-call rotation.

The Experience You Will Bring

Requirements
• 3+ years’ experience working in a complex enterprise environment
• 2+ years’ work experience with proxy technology and/or perimeter security such as perimeter firewalls, reverse proxy, SSL VPN

What Will Put You Ahead
• Experience with Zscaler or other proxy tools such as Blue Coat or Websense
• Experience supporting complex enterprises
• Experience with product pricing, vendor management, economic modeling of products/decisions

Our goal is for each employee, and their families, to live fulfilling and healthy lives. We provide essential resources and support to build and maintain physical, financial, and emotional strength – focusing on overall wellbeing so you can focus on what matters most. Our benefits plan includes – medical, dental, vision, flexible spending and health savings accounts, life insurance, ADD, disability, retirement, paid vacation/time off, educational assistance, and may also include infertility assistance, paid parental leave and adoption assistance. Specific eligibility criteria is set by the applicable Summary Plan Description, policy or guideline and benefits may vary by geographic region. If you have questions on what benefits apply to you, please speak to your recruiter.

At Koch companies, we are entrepreneurs. This means we openly challenge the status quo, find new ways to create value and get rewarded for our individual contributions. Any compensation range provided for a role is an estimate determined by available market data. The actual amount may be higher or lower than the range provided considering each candidate’s knowledge, skills, abilities, and geographic location. If you have questions, please speak to your recruiter about the flexibility and detail of our compensation philosophy.

Equal Opportunity Employer, including disability and protected veteran status.

Except where prohibited by state law, all offers of employment are conditioned upon successfully passing a drug test.

This employer uses E-Verify. Please visit the following website for additional information: www.kochcareers.com/doc/Everify.pdf
Apply Here
For Remote Network Security Analyst roles, visit Remote Network Security Analyst Roles

********

Consultant, Information Security at CIBC US

Location: Chicago

We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients.

At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are and what they contribute.

To learn more about CIBC, please visit CIBC.com

Job Description

The Consultant, Information Security is responsible for delivering technical expertise in the development and support of activities, processes, procedures and tools for protecting technology based information. The role works on complex issues involving one or more technical areas, mentoring employees and performing tasks of advanced technical depth and breadth. The Consultant, Information Security troubleshoots complex issues for all levels while reviewing, developing, testing and implementing security plans and control techniques. The role exercises independent judgement and decision making within ownership of projects, defining and supporting the implementation of the minimum security configuration for all IT hardware and software and ensuring that industry best practices are maintained. Using strong analytic and inductive thinking, the role assesses projects for security risks, identifying the potential exposures, and presenting recommendations that are practical and achievable, enabling the business to make informed risk decisions.

What You’ll Be Doing

As an Information Security Consultant, you’ll assess projects for security risks and present recommendations that allow the business to make informed conclusions. You’ll provide insight and support to assemble policies and procedures that safeguard our clients, enhance risk management, and enable our success.

How You’ll Succeed
• Security assessments – Leverage your expertise in Information Security Management to prepare and conduct assessments for both planned initiatives and unplanned instances. Perform clear and thorough threat and vulnerability scans of internal and external devices. Use your knowledge of processes, tools, techniques, and practices for assuring consistency to standards associated with accessing, altering, and protecting organizational data.
• Risk reviews – Examine and interpret requirement documents and architecture diagrams. Collaborate with senior leaders and make informed, risk-based recommendations to enhance information system security. Weigh business needs against security concerns to help guide the business to make practical and informed risk choices.
• Governance support – Proactively contribute to governance initiatives, providing technical and business advice, as well as insight on management processes. Contribute to the development of governance and risk-related company policies.

Who You Are
• You know that details matter. You notice things that others don’t. Your critical thinking skills help to inform your decision making.
• You give meaning to data. You enjoy investigating complex problems and making sense of information. You communicate detailed information in a meaningful way.
• You’re digitally savvy. You seek out innovative solutions and embrace evolving technologies. You can easily adapt to new tools and trends.
• You have a degree/diploma in Computer Science, Engineering, or a related field. You have at least five years of experience as an Information Security Consultant or a similar role.
• You’re a certified professional. It’s an asset if you have your CISSP, CIA, or CISM designation.
• Values matter to you. You bring your real self to work and you live our values – trust, teamwork, and accountability.

What CIBC Offers

At CIBC, your goals are a priority. We start with your strengths and ambitions as an employee and strive to create opportunities to tap into your potential. We aspire to give you a career, rather than just a paycheck.
• We work to recognize you in meaningful, personalized ways including a competitive salary, incentive pay, banking benefits, a health benefits program, defined benefit pension plan, an employee share purchase plan and MomentMakers, our social, points-based recognition program
• Our spaces and technological toolkit will make it simple to bring together great minds to create innovative solutions that make a difference for our clients
• We cultivate a culture where you can express your ambition through initiatives like Purpose Day; a paid day off dedicated for you to use to invest in your growth and development

Risk & Compliance:

Our CIBC risk culture is based on employees striving to exceed the expectations of ourselves and our leadership’s identification and mitigation of risks in their daily responsibilities, not just in quarterly or annual monitoring/assessments. We all are accountable for managing risk.

As an employee of CIBC the incumbent must conduct themselves (and foster an environment for others) in a manner consistent with our strong risk culture. This includes:
• Following all aspects of the CIBC Code of Conduct, as well as all applicable CIBC policies, frameworks, guidelines, processes and controls
• At all times acting in accordance with our Purpose and shared values, to achieve our Bank’s strategic goals
• Understanding and following the qualitative and quantitative components of our Risk Appetite Statements
• Completing all annual Corporate Mandatory Training and Testing modules, as well as any additional business-specific modules, as required and employing the learnings in daily activities and undertakings
• Escalating matters through one of the appropriate channels identified in the CIBC Code of Conduct (i.e., HR, management, Ethics Hotline, Whistleblower, etc.) upon observing activities that may be inconsistent with CIBC’s policies, frameworks, guidelines, processes and controls
• Speaking up if witnessing behaviors that drive poor or unfair outcomes for clients, team members or other stakeholders
• Escalating matters that can result in adverse market practices and outcomes, thereby negatively impacting CIBC’s reputation as a leading financial institution

What You Need To Know
• CIBC is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. If you need accommodation, please contact Mailbox.careers-carrieres@cibc.com
• You need to be legally eligible to work at the location(s) specified above and, where applicable, must have a valid work or study permit.

Job Location

IL-70 W Madison St, 8th Fl

Employment Type

Regular

Weekly Hours

40

Skills

Communication, Critical Thinking, Decision Making, Information Security, Information System Security, Systems Security, Taking Initiative, Teamwork
Apply Here
For Remote Consultant, Information Security roles, visit Remote Consultant, Information Security Roles

********

Senior Information Security Analyst II at OppFi

Location: Chicago

As a leading financial technology platform, OppFi powers banks to bring credit access to millions of everyday consumers who are locked out of mainstream financial options. We go beyond our mission – to help people rebuild financial health – and go further to ensure we keep the customer at the center of everything we do. We are creating a Customer-obsessed culture, with the capital “C”.

And it starts with our team here. We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. We welcome individuals who want to make a difference in the financial system through creating and building simple, transparent products that facilitate credit access, enable savings, and build wealth.

A few other fun facts about us. OppFi is an Inc. 5000 company for six straight years, a Deloitte’s Technology Fast 500™, the seventh fastest-growing Chicagoland company by Crain’s Chicago Business, and was named on Built In’s 2022 Best Places to Work in Chicago.

What you get to do:
• Manage the process and tools for Information Security & Risk Management, and process IT due-diligence requests and ensure compliance to policies, procedures and regulations.
• Function as a central third-party risk management subject matter expert looking to involve third parties in processes that interact with data. Support completion of information security review process for all new third parties, and annual reviews for all other relationships, that receive and/or interact with data.
• Maintain inventory of third parties who possess and/or interact with data, including key risk information about the relationship, data attributes involved, and regulatory compliance. Monitor open third party security issues and remediation actions associated with security control gaps to ensure timely closure.
• Educate and build cybersecurity awareness across the enterprise
• Identify and analyze new requirements for policy impacts; develop and update policies, procedures and guidelines.
• Improve compliance with security standards and policies across the enterprise.
• Be the primary point of security risk management activities, including analyzing, quantifying, and tracking identified information security risks and reviewing and documenting risk exception requests.
• Work with the Technology Process Owners to create, modify, validate, and decommission policies/procedures.
• Create dynamic dashboards and scorecards for visibility of Information Security Governance activities.

What you will bring to the team:
• Experience with security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, and ISO control framework
• Background in Information Security, IT Risk Management, or third party risk management
• 8+ years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements
• Experience identifying potential IT controls risks and opportunities through and offering sustainable recommendations that address cause rather than symptoms
• Experience with information security standards, best practices for securing computer systems within applicable laws and regulations
• Experience with Governance Risk & Compliance (GRC) tools and procedure development
• Experience working in a regulated industry (financial services or health care)

Reports to: Chief Information Security Officer

Job Level: Lead

The minimum salary for this role is $110,000. The total compensation package includes eligibility for performance-based bonuses as well as a 1-time equity grant based on level.

The actual offer, reflecting the total compensation package and benefits, will be at the company’s sole discretion, and determined by a myriad of factors including, but not limited to, years of experience, depth of experience, and other relevant business considerations.

Total Rewards and Benefits

OppFi offers a flexible remote environment, 401(k) matching program, and flexible paid vacation. Other benefits include medical benefits, dental and vision coverage, and tuition reimbursement. To support your wellness & growth, we provide monthly meditation and yoga classes and access to all LinkedIn Learning courses. We also offer Fringe, which is a lifestyle benefits platform that lets you decide how you want to spend your rewards from dozens of vendors like Uber, Doordash, and Urban Sitter. Dress code is casual.

EEOC Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, or federal law or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

OppFi is committed to the full inclusion of all qualified individuals. As part of this commitment, OppFi will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact our People team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the “OppFi California Employee Privacy Policy”, which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/
Apply Here
For Remote Senior Information Security Analyst II roles, visit Remote Senior Information Security Analyst II Roles

********

Lead, Cyber Security IT Risk Management at Northern Trust Asset Management

Location: Chicago

• You will work with Northern Trust’s Technology Risk and Control team to perform risk assessments on a wide range of technology domains and oversee implementation of technology controls in adherence to company policies and standards.
• You will work with global information technology partners to advise on control design and measurement of control maturity and gaps.
• You will work with risk, compliance and audit partners to manage technology control-related issues to ensure proper resolution, escalation and reporting.
• Using advance data analytics methods, you will work with the Control Assurance team and the Control Officers to analyze large amount of transaction and behavior data to identify early warning, prevent major control gaps or failures.
• You will be part of a dedicated and outstanding team that focuses on promoting control awareness and properly manage risks within the global information technology organization.
• Advise Global Information Technology teams on technology risks and controls and comply with company’s technology policies and standards
• Perform control testing and risk assessment for various technology areas, including critical financial transaction systems and its supporting infrastructure.
• Use data analytics and automation to analyze performance of controls and identify early warinings
• Support Control Officers to manage executive reporting, issue tracking and resolution, and measurement of risk appetite
• Facilitate governance committees, working groups and owners as a trust risk and control advisor.
• Influence behaviors to reduce risk and foster a strong technology risk management culture throughout the enterprise.
• Experiences with technology operations, security assessments, and security processes.
• In-depth understanding and experiences of information security, risk assessments, security risk management principles.
• Strong collaboration and relationship management skills, including experiences in executive management relationship
• Strong written and verbal communication skills
• Your Employment Experience
• A Bachelor’s degree in a related technical field or equivalent practical experience
• At least 5 or more years of experiences in managing technology risk, control functions, audit services experience, or similar experience with transferable skills.
Apply Here
For Remote Lead, Cyber Security IT Risk Management roles, visit Remote Lead, Cyber Security IT Risk Management Roles

********

The Tech Career Guru
We will be happy to hear your thoughts

Leave a reply

Tech Jobs Here
Logo