Cybersecurity Analyst- Risk

GM Financial Arlington , TX 76004

Posted 1 week ago

Overview

The Cybersecurity Analyst is responsible for executing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of third-party cybersecurity risk. The Cybersecurity Analyst is responsible for performing complex risk assessments which contributes to the overall success of the Cybersecurity department's initiatives. The Cybersecurity Analyst will develop strong partnerships with internal business partners and external vendors to ensure customer, empolyee, and company information is protected at the appropriate level.

Responsibilities

JOB DUTIES

  • Demonstrate proficiency conducting third party vendor assessments in accordance with NIST Cybersecurity Framework

  • Identify and assess risk, determine applicable controls which mitigate risk, and communicate opportunities for control improvements to third party vendors

  • Challenge security control design at third parties that use the latest information technology, from cloud to big data analytics

  • Develop process for assessing security controls within cloud environments

  • Serve as a subject matter expert and/or provides direction on process, projects, and issues pertaining to third party cloud security

  • Develop and managing third party operational (KPI) and risk (KRI) metrics

  • Track and manage remediation items and/or findings to completion

  • Demonstrate capability to collaborate with business partners to manage Cybersecurity needs

  • Develop security requirements to protect the company from external and internal threats

  • Build, deploy, and manage a vendor risk management solution

  • Serve as a mentor and shares knowledge with more junior team members and internal stakeholders

  • Keep abreast of the latest information security trends, apply them to risk analysis, and incorporate them into the team's risk assessments methodology

  • Perform other duties as assigned

Qualifications

Knowledge

  • Detail oriented

  • Local and wide area networking concepts, principles and protocols

  • Advanced knowledge in Infrastructure design and management

  • Working knowledge of management processes such as personnel administration, planning and budgeting

  • Strong working knowledge of Intel platforms, iSeries and pSeries servers

  • Advanced understanding of IT Service Management (ITSM) best practices and processes

  • Experience with UML Design Tools

  • Advanced knowledge of TCP/IP, OSI model and imp subnetting

  • High level understanding of technology infrastructure, security concepts and platforms

  • Demonstrated success in project management

  • Advanced knowledge of IBM pSeries hardware, operating systems and TSM backup infrastructure

  • Advanced knowledge of the OSI model and security that is associated with each layer

  • Understanding of routing and switching protocols as they relate to load balancing

  • Strong understanding of application layer protocols including HTTP, SSH, SSL, and DNS

  • Knowledge and stay abreast on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities

  • Knowledge of IT security processes and controls as well as IT infrastructure and networking technical knowledge

  • Information Security Certifications strongly preferred

Skills

  • Ability to think strategically and make collaborative decisions

  • Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact

  • Communicates quickly, clearly, concisely, appropriately, and intelligently

  • Foster open communication, speaks with impact, listens to others, and writes effectively

  • Experience with alternate management methods using SSH, serial connections, and the command-line interface TMSH

  • Ability to effectively negotiate with vendors on upgrades and acquisitions

  • Effective planning, time management, negotiation, and delegation skills

  • IT security processes and controls knowledge as well as IT infrastructure and networking technical knowledge

  • Ability to approach problems with an open-mind and create new and innovative ideas and methods

  • Experience with technical writing

  • Experience in documentation tools such as Visio and Microsoft Office products

  • Information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skills

  • Experience with Network and VLAN segmentation

  • Analytical skills

  • Ability to approach problems with an open-mind, use existing information and resources

  • Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods

  • Think positively when faced with obstacles, build on others ideas, think logically and intuitively

Education

  • Bachelor's Degree or equivalent experience strongly preferred

Experience

  • Minimum of 1-5 years of experience in large and complex business environment with a successful track record working directly with senior level management with at least 1 year of experience in one or more of the following domains: Access Control, Telecom and Network Security, Cybersecurity Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance preferred

Work Conditions

  • Normal office environment
  • 0-20% travel may be required
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Cybersecurity Red Team

GM Financial

Posted 2 weeks ago

VIEW JOBS 11/30/2018 12:00:00 AM 2019-02-28T00:00 Overview GM Financial is the international captive finance company and wholly owned subsidiary of General Motors. With more than 9,000 hard-working team members, we're always looking for new people with diverse talents. GM Financial is a workplace where dedicated people have the opportunity to work together and celebrate our successes. We offer a comprehensive benefit package that is above industry standards as well as offer a great work-life balance. We have built our culture based on respect, integrity, innovation and personal development. To find out more about us and how to start your career at GM Financial visit our website at www.gmfinancial.com/careers. GM Financial encourages our Cybersecurity professionals to transform and revolutionize. Our Cybersecurity professionals are encouraged to break traditional approaches. GM Financial' s Cybersecurity program is an agile environment where prudent security controls are implemented and matured, through our forward thinking security organizations, and with support of engaged and industry respected executive leadership. The Cybersecurity Red Team is dedicated to performing 'objective-based' assessments replicating known threat actors, with known tactics, techniques and procedures. The AVP Cybersecurity Red Team will coordinate and oversee execution of ethical hacking and penetration tests of the General Motors Financial (GMF) information environment including both physical and logical security controls and systems. The goal will be to assess and analyze GMF's security posture as well as its ability to respond to hacker-simulated attacks. This position requires an established expert responsible for scoping engagements, presenting results and methodologies, and working with stakeholders across Cybersecurity, ITS, and business units to remediate findings. This position requires a professional who works well with others, and performs in challenging situations, is pragmatic, and is motivated by long-term results. Additionally, the GMF Red Team will be responsible for identifying and testing new tools, techniques and methods used for penetration testing activities. Finally, the AVP Cybersecurity Red Team will be responsible for communicating testing methodologies and findings to executive leadership in Cybersecurity, ITS, and other business units. Responsibilities JOB DUTIES * The Cybersecurity Red Team will conduct GM Financial's internal penetration testing and red team exercises which includes, penetration testing, Red/Blue teaming programs, Cybersecurity Tabletop exercises; summarizing the exercise for senior leadership, including areas of success and areas of opportunities * The Cybersecurity Red Team integrates the team's identification and remediation of any findings, which are produced by the associated programs, with the other Cybersecurity departments, as well as Cybersecurity's business and information technology partners * The Cybersecurity Red Team works closely with other groups within the Global Technology organization in order to develop the strong partnerships required to meet cybersecurity technology goals integrating the a designs for secure application, network, and product development supporting business intelligence REPORTING RELATIONSHIPAVP Cybersecurity US Qualifications Knowledge * Deep understanding of penetration testing and red teaming frameworks and concepts * Passion for protecting networks, systems and data from cyber attacks * Strong understanding of cybersecurity concepts and related technology solutions * Experience leading an enterprise wide cybersecurity internal assessment, including a knowledge of control strategies for a global organization * Strong consultative skills required to work directly with other technology teams with appropriate influence * Building strong networks within the firm to spot and capitalize on opportunities to get involved in projects that others are leading across a number of different business units and sectors * Manage and deliver large projects by developing the project team, assessing engagement risks throughout, driving conclusions, and reviewing / challenging the output produced by the team * Helping to grow and develop our team through hands on training and coaching * Programming experience in on or more languages such as Python, Ruby, Perl, Bash, Java * Advanced knowledge of operating and database security (Windows, UNIX/Linux, SQL, Oracle, etc) Skills * Must be able to effectively communicate to anyone in the organization, from the most technical operator to the least technical business partner * Must be proficient with the common penetration testing tools (Metasploit, Burp Suite, Cobalt Strike, etc) * Ability to interpret and document business and technical requirements * Good interpersonal, verbal and written communication skills * Detail oriented with good time and analytical skills * Ability to exercise prudent judgment and offer knowledgeable advice * Ability to work both independently and in a team environment * Ability to manage multiple projects and tasks * Ability to manage production sensitive situations * Demonstrated level of integrity when dealing with confidential and sensitive information * Demonstrated knowledge of tactics used by malicious insiders, techniques and procedures associated with state sponsored threat actors * Must be able to examine an organization from the standpoint of a threat actor and articulate risk in clear, precise terms * Ability to effectively code in a scripting language (Python, Perl, etc) * Demonstrated knowledge of internal penetration testing tactics, techniques, and procedures * Experience performing application security source code reviews * Experience developing custom exploits * Hands-on experience in the security aspects of multiple platforms, operating systems, software, and network protocols * Hands-on experience with commercial and open-source network and application security testing tools Education * High School Diploma required * Bachelor's Degree in Computer Science, Computer Engineering, Information Technology, Information Security, Information Assurance, Information Management or equivalent experience required Experience * 3-5 years of experience in penetration testing, vulnerability management, or ethical hacking required Licenses and Certifications * Cybersecurity and ethical related (e.g OSCP, OSCE) upon hire preferred GM Financial Arlington TX

Cybersecurity Analyst- Risk

GM Financial