Senior Analyst - Cyber Security Compliance Operations

Hyatt Hotels Corp. Chicago , IL 60602

Posted 2 months ago

Apply

This Job is not relevant Tell us why

This is an exciting, fully remote opportunity to join the Cyber Security organization at Hyatt. The Senior Analyst - Cyber Security Compliance Operations role will report to the Manager, Cyber Security Compliance Operations, leading Hyatt's Third-Party Risk Management (TPRM) enterprise program from a cybersecurity perspective.As a member of the Cyber Security Compliance Operations team, you will implement and manage formalized processes for evaluating, selecting, monitoring and auditing our third-party vendors, while also working with business partners to support their specific needs and timelines.

Position Responsibilities / Essential Functions

Support Hyatt's global Third Party Risk Management (TPRM) Program, which includes developing, enhancing and maintaining the process through the use of automation tools including third-party/GRC platform.
Create and maintain governance documentation on our global TPRM program, which includes policies, standards, procedures, risk definitions and requirements.
Plan and conduct third-party vendor assessments focusing on compliance with regulations, company policies and internal controls. Communicate risks and track remediation plans.
Identify key program metrics to measure the effectiveness of the program including creation of reports and scorecards.
Communicate TPRM initiatives with various stakeholders across Hyatt.
Work with Legal and Procurement to integrate TRPM processes for vendor selection and contract negotiations. Conduct contract reviews to ensure cyber security provisions are in place.
Participate in Cyber Security Governance, Risk and Compliance processes to provide guidance on security risks and improve security posture.
Be the champion of change and process improvements by actively seeking opportunities to automate and improve processes throughout the organization.
Work with various business owners to understand the challenges they face and how to improve efficiency throughout their organization through automation and process improvements.
Demonstrate a commitment to Hyatt core values (included in all job descriptions).
The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary (included in all job descriptions).

Experience

Minimum of 3-5 years or a combination of work experience within Cyber Security domains such as Governance Risk, & Compliance and Third Party Risk Management.
Deep understanding and experience on organizational process improvements, working with Governance Risk and Compliance (GRC) platforms, and workflow automation platforms.
Experience in risk assessment that includes third party and security assessments.
Deep understanding of risk frameworks and risk methodologies including, NIST, CIS, COBIT and ISO.
Knowledge of SOC reports, ISO certifications, PCI report on compliance and any independent attestation reports that may include compliance and privacy regulations.
Experience with creating and implementing cybersecurity policies, standards, and procedures.
Knowledge of information systems terminology, controls, and practices.
Proactive self-starter with the ability to work independently and as part of a larger team.
Strong verbal and written communication and presentation skill.
Ability to effectively interact with different areas and level of the organization (especially leadership).

Education

Bachelor's degree in Cyber Security, Information Systems, or related discipline.

Certificates, Licenses, Registrations

Certifications (Desirable): CISA, CISM, CISSP, Six Sigma, ITIL, PMP

Computer Skills Needed to Perform this Job

Expert user of Microsoft suite (Word, PowerPoint, Excel)
Experience with GRC and/or Workflow Automation Platforms (e.g. Archer, MetricStream, ZenGRC, LogicGate, etc.)

Additional Comments and Requirements

Ability and willingness to operate in a fast-paced, complex corporate environment
Travel may include approximately 5% of work time

Show Full Description

See how you match
to the job

Upload my resume

Download the
LiveCareer app and find
your dream job anywhere

Similar Jobs

View All

Want to see jobs matched to your resume?
Upload One Now!

Cyber Security Strategy And Business Analyst

Bank Of America Corporation

Posted 3 days ago

VIEW JOBS Job Description: Are you passionate about working with the best information security team in the world? Bank of America is hiring top talent to join our innovative and forward thinking team. What We Do: At Bank of America, we handle the finances of over 67 million client relationships every day, including helping them save, borrow, and invest for today and for their future. We stand by our clients each and every day giving them the power to realize their personal financial goals and help make their financial lives better. The Global Information Security organization is responsible for protecting bank information systems, confidential and proprietary data, and customer information. The team: * Develops the bank's Information security strategy and policy * Manages the Information security program and identifies and addresses vulnerabilities * Develops, deploys and manages a risk-based controls portfolio * Manages and operates a global security operations center that monitors, detects and responds to cybersecurity incidents What We're Looking For: We're looking for the next generation of Cyber security experts - those with a passion for growing a long-term career, building relationships and working with a team of innovative and forward thinking information security professionals. Our cyber team is meant for those looking to make a real impact and build a career in information security. The role is ideal for those who have a passion to work with industry leaders to protect our brand and the customer/client experience by proactively detecting, disrupting, and mitigating cyber security across the organization. What You'll Get: From day one, you'll receive training including hands-on practice, personalized coaching and dedicated support throughout your on-boarding experience. With demonstrated success, you'll have the opportunity to advance into many different roles with Global Information Security - with unlimited opportunity to grow throughout your career. You will be supported with dedicated programs, tools, and resources throughout your career journey. We'll help you: * Build a successful career at Bank of America through world-class training and on-boarding programs that set you up for success * Grow in your current role through one-on-one coaching from managers who are invested in your success and training programs that help you excel, build new skills or take on additional responsibility * Continuously learn and advance your career goals through intentional career paths to the next best role * Use resources and innovative technologies to optimize the client experience * Expand your business knowledge and network by partnering with experts in Global Information Security, Global Technology and other lines of business * Become an expert in what you do What you can look forward to: * Ongoing professional development to deepen your skills and optimize your expertise as the industry evolves and changes * Resources and dedicated support to help you reach your full potential throughout your career * A benefits program designed to meet the diverse needs of our employees at every stage of their life and help them plan for tomorrow * Progressive workplace practices and initiatives that promote inclusion We're a culture that: * Believes in responsible growth and has a proven dedication to supporting the communities we serve. * Provides continuous training and developmental opportunities to help people achieve their goals, whatever their background or experience. * Believes diversity makes us stronger, so we can reflect, connect to and meet the diverse needs of our clients and customers around the world. * Is committed to advancing our tools, technology, and ways of working. We always put our clients first to meet their evolving needs. Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Role Description: The Business Analyst will be a member of the CSA COO organization, responsible for capturing and refining business and/or system requirements for projects within in the CSA organization. With a need to bridge business and technology, you'll interact with leadership within CSA to learn about challenges and opportunities and translate that insight into high-quality solutions. Key responsibilities include working with stakeholders to understand their needs, analyze problems, capture their requirements, and then working closely with external development teams to refine the requirements into specifications that can be executed by the team. Individuals in this role possess a foundational understanding of the business/technical domains. Responsibilities include: * Facilitate calls stakeholders to understand their needs, analyze problems, and capture their functional and technical requirements * Work closely with internal and external development teams to refine the requirements into specifications that can be executed by the team * Document requirements in a business requirements document format and seek sign-off from key stakeholders * Develop templates and requirements gathering processes the team can leverage to improve efficiencies * Ability to learn key functions and tools of the CSA organizations and leverage knowledge gained in stakeholder meetings * Partner with CST and CTI to refine business requirements into technical requirements used for development or deployment of infrastructure * Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals * Ability to develop PowerPoint presentations for executive level meetings Required Skills * Highly organized and motivated self-starter who can deliver results with minimal direction * Ability to influence and work collaboratively across peers and multiple levels of management both within and outside of the organization * Creative and proactive problem solver - ability to understand tech enablement concepts to improve new and existing business processes * Ability to communicate clearly and effectively with both technology/development and business partners - ability to translate between these two constituencies * Ability to liaison between lines of business and development teams, translating strategic goals into technology solutions, and vice versa * Strong technical background with a proven track record of documenting functional and technical requirements Desired skills: * Experience defining requirements used to developing business cases for initiative funding * Experience developing PowerPoint presentations for executive level meetings * Experience presenting in executive level meetings Enterprise Job Description: Responsible for defined work or projects of moderate scope and complexity to identify and mitigate third party information security risks. Works under the guidance of a more senior-level manager with limited direction. Possesses extensive technical or functional knowledge in third party risk management, information security, business continuity, and governance. Interacts extensively with internal or external stakeholders including business partners and/or external parties to identify, analyze, and resolve complex problems or security gaps. Typically has 3-5 years of relevant experience. Shift: 1st shift (United States of America) Hours Per Week: 40

Cyber Cloud Security Senior Consultant (Nationwide)

Deloitte

Posted 5 days ago

VIEW JOBS Position Summary As a Cloud Security Senior Consultant, you will be at the front lines with our clients supporting them with their cloud security needs to securely navigate their journey to the cloud on the leading cloud platforms, by implementing industry leading practices around cyber risks and cloud security for clients. You will execute on cloud security engagements during different phases of the lifecycle - assessment, design, implementation, and post-implementation reviews, particularly you will: * Serve as a subject matter expert on cloud cyber risk for at least one of the leading cloud platforms (AWS, Microsoft Azure/ Office 365, GCP, Alibaba Cloud, Oracle Cloud). * Guide clients on their transition from on-premise security technologies to cloud-native options (e.g., Azure Sentinel, Azure Monitor) and assist clients with the deployment of cloud-native and third-party technologies to secure cloud platforms, including cloud access security broker (CASB), cloud workload protection (CWP), and cloud security platform management (CSPM) solutions. * Conduct cloud security assessments and provide recommendations on required configurations for client cloud platforms (such as AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud) and environments based on Deloitte's Cloud Cyber Risk Framework. This can include cloud-native or third-party solutions including directory services (e.g., LDAP, Azure Active Directory (AAD)), infrastructure (compute/networking/storage) services, data protection services, security monitoring, logging, PaaS services, and SaaS services (e.g., 0ffice 365). * Provide technical security support for cloud-native (e.g., AAD) and third-party security services and resolve service-related issues through research, troubleshooting, and working with cloud service providers and third-party security solution vendors. * Support proof of concept and production deployments of these cloud technologies. * Perform technical health checks for cloud platforms/environments prior to broader deployment and assist clients with configuration of cloud platform scanning tools, and delivery of cloud security and compliance reports. * Design and develop cloud platform-specific security policies, standards, and procedures for management group and account/subscription management and configuration (e.g. Azure Policy, Azure Security Center, AWS Config), identity management and access control, firewall management, auditing and monitoring, security incident and event management, data protection, user and administrator account management, SSO, conditional access controls and password/secrets management. * Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services - Azure ExpressRoute, AWS DirectConnect, Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps. * Assist clients in the selection and tailoring of approaches, methods, and tools to support cloud adoption for secure migration of existing workloads to a cloud vendor. This may cover services such as tenant setup and service configuration focused on cloud cyber risk mitigation, IAM (e.g., PIM/PAM, MFA, SSO, Conditional Access), data protection (e.g., DLP, encryption, PKI), network security (e.g., firewalls, WAF), etc. * Perform cloud orchestration and automation (Continuous Integration and Continuous Delivery (CI/CD)) in single and multi-tenant environments using tools like Terraform, Ansible, Puppet, Chef, Salt etc. * Design, implement, manage, and automate DevSecOps capabilities in cloud offerings using CI/CD toolsets and automation (e.g., Boto3, Lambda, Azure Functions, Google Functions, Python, JSON). * Support and enable junior team members across both technical and management leadership capacities. * Provide internal cloud security technical training to Advisory personnel as needed. * Support the team on proposals, whitepapers, proof of concepts, technical eminence materials and firm initiatives. The team Deloitte Advisory's Cloud Cyber team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals provide advisory and implementation services that integrate risk, regulatory, and technology skills to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice. Required: Working experience in at least two of the areas listed below. * 4+ years of hands-on technical experience with at least one cloud platform in security or infrastructure implementation and operations. * 4+ years of hands-on technical experience with infrastructure systems such as networking (e.g. WAF, Firewall and load balancing), operating systems, SCCM and endpoint engineering, and infrastructure automation implementation or operations. * 4+ years of hands-on technical experience with Cloud Identity and Access management solutions in implementation and operations. * 4+ years of experience with Big Data and advanced analytics, or AI/ML services (such as Amazon Aurora/Azure SQL/Google Cloud SQL, Amazon EMR/Azure HDInsight/Cloud DataProc, Key management solutions, Storage and backup, Load balancing, Security Management, Databases and EC2 or VM machine hosting Databricks, Data Factory, Amazon Athena/Data Lake Storage/BigQuery, Azure Analysis Services, Synapse Analytics, Machine Learning, etc.) Ideally the following cloud-related technical experience: * 2+ years of working with different Cloud platforms (Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS)) and environments (Public, Private, Hybrid) in a security role. * 2+ years of hands-on technical experience implementing security solutions for leading Cloud service providers e.g., Amazon AWS, Microsoft Azure, Google Cloud. * 2+ years of full stack development and strong experience with either one of these Python, Java, Angular, R, Go. * 1+ years of hands-on technical experience enterprise-level security incident and event management (SIEM) implementation or operations. * 1+ years of infrastructure automation (such as PowerShell, Terraform, Puppet) or DevOps/DevSecOps experience. * 1+ years of containerization experience (Kubernetes, Docker). * 2+ years of consulting experience. * 1+ years of PowerShell, ARM and JSON programing. Additional Requirements: * BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. * Ability to travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice). * Limited sponsorship available. Preferred: * Previous Consulting or Big 4 experience preferred. * Experience with previous cloud migrations is a plus. * Depth of experience and knowledge in cloud platform technologies such as Amazon's VPC, Elastic Load balancing, Global Accelerator, Transit Gateway, Security Groups, Identity and Access Management IAM, Route 53, Key Management Service (KMS), PrivateLink Direct Connect, Virtual Private Network, CloudFront and API Gateway. * Experience with cloud automation and container tools like bash scripting, Ansible, Docker, Chef or Puppet. * Experience with JSON, Python, XML and ability to write cloud automation scripts desired. * Certifications such as: CCSP, AWS Certified Security, Microsoft Azure Security, Azure Security Engineer Associate * AWS Certified Architect, Microsoft new role-based certifications (Azure), GCP Cloud Architect, GCP Cloud Security Engineer CCSP, CISSP. * Knowledge of security and privacy-related industry standards and frameworks (e.g., ISO 27001/2, NIST 800-53, NIST CSF, CSA CCM) is a plus. * Experience with IP networking, VPNs, DNS, load balancing and firewalling concepts - (Focus on cloud native networking, Palo Alto and Cisco DMVPN). * Experience with Centrify, MFA, McAfee AV, Tenable/Nessus, Trend Micro, Splunk, STIG Hardening. * Experience with data security tooling (such as Voltage / Informatica) integration with cloud-based storage and data warehouse (DWH) solutions including, but not limited to, EMR / BigTable / BigQuery / DataProc. * Experience with Security Governance solutions like Redlock or Prisma. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our diverse, equitable, and inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our client most complex challenges. This makes Deloitte one of the most rewarding places to work. Learn more about our inclusive culture. Professional development From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. Requisition code: 102705

Cyber Security Analyst Trading Technologies

Trading Technologies International, Inc.

Posted 1 week ago

VIEW JOBS Position summary. We are currently seeking a driven and talented Cyber Security Analyst to fill a role that requires a broad array of knowledge and skills working with team members to support TT's Cyber Security program and information systems life-cycle activities. Our team is looking for highly motivated individuals with impeccable work ethic and a strong ability to work in a collaborative dynamic team environment. This provides an environment to grow your expertise and sharpen your skills & knowledge. What you bring to the table. * A passion for security. * Worked in an InfoSec role for at least two years. * Relevant work experience in penetration testing or red teaming. * Software development experience in Python, Ruby and Bash scripting. * Technical knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography. * Excellent written & verbal communication skills. * Knowledge of Windows, MacOS and Linux operating systems. * Knowledge of core networking concepts & cloud infrastructures. * Experience with Security Information and Event Management (SIEM) products. * Experience with data analysis of even data in security related sources such as IPS, Web Security, Endpoint Protection, Event Logs. * Maintain awareness of advisories, alerts, data calls, directives and recommended practices. * Strong organizational skills and ability to effectively manage multiple projects with competing deadlines and priorities. * Familiarity with IT Security services such as encryption, authentication, and intrusion detection as well as the principles of confidentiality, integrity and availability. * Experience with one or more of the following tools: Kali Linux, BurpSuite, Bloodhound, Impacket, Metasploit, Empire, Covenant, Core Impact, Cobalt Strike, SQLmap, Hak5 tools. * Bonus: Advanced security accreditation such as CISSP, OSCP, CASP, Security+. * Bonus: Relevant and well-regarded certifications in cloud computing such as CKA (Certified Kubernetes Administrator), AWS Professional or Specialty levels, Google Professional level. What you can expect to be involved with. * Implement and make recommendations based on threat assessments at the network, server and endpoint levels. * Involved in Threat, Vulnerability Management and Attack Surface reduction exercises. * Create and execute red/purple team program * Assist in performing investigations of anomalous activity and creating actionable reports to senior management. * Monitor external intelligence and vulnerability feeds to determine company exposure to new threats. * Investigate and respond to security alerts; leverage security platforms for the identification of security events and triage and escalate security incidents. * Improve Security Operations through automation and technical controls. * Stay up to date with current security vulnerabilities and attacks. * Identify relationships, trends and patterns of security events. * Automate response and remediation of security events. * Develop new use cases to detect threats across multiple environments including network, endpoint and applications. * Develop impactful risk and threat metrics and provide investigation reports. * Support wider CTDS Information Security Officer initiatives. * Assist the team in system maturity, upgrades and expanded features. * Produce useful and actionable threat and risk dashboards, reports and metrics. * Uses a deep understanding of IT expertise to develop and implement security and compliance policies, guidelines, and safe practices for university-wide computing and networking systems. * Leads teams to conduct in-depth information technology risk assessments; makes recommendations and designs improvements to IT security procedures. ("Tabletop exercises") * Guides communications with users to understand their security needs and supports the implementation of procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security. * Maintain Luna SA HSM clusters. What we bring to the table. * Competitive benefits, including: medical, dental, vision, FSA, 401(k) and pre-tax transit/parking * Flexible work schedules - with some remote work * 22 PTO (paid time off) days per year with the ability to roll over days into the following year, robust paid holiday schedule with early dismissal, generous parental leave (for all genders and staff, including adoptive parents) and backup child care as well as tutoring services * Tech resources, including, a "rent-to-own" program where employees are eligible for a company-provided Mac/PC laptop and/or mobile phone of your choice; and a tech accessories budget for monitors, headphones, keyboards, office equipment, etc. * Stipends and subsidy contributions toward personally-owned cell phones and laptops, gym memberships and health/wellness initiatives (including discounted healthcare premiums, healthy meal delivery programs or smoking cessation) * Casual dress code and inspiring, motivating office environment * Forward-thinking, culture-based organization with collaborative teams that promote diversity and inclusion * Office is conveniently located above Union Station and close to various public transportation Company overview. Trading Technologies (TT) creates professional trading software, infrastructure and data solutions for a wide variety of users, including proprietary traders, brokers, money managers, CTAs, hedge funds, commercial hedgers and risk managers. In addition to providing access to the world's major international exchanges and liquidity venues via its TT® trading platform, TT offers domain-specific technology for cryptocurrency trading and machine-learning tools for real-time trade surveillance. * ---------------------- Trading Technologies (TT) is an equal opportunity employer. Equal employment has been, and continues to be a required practice at the Company. Trading Technologies' practice of equal employment opportunity is to recruit, hire, train, promote and base all employment decisions on ability, rather than race, color, religion, national origin, sex/gender orientation, age, disability, sexual orientation, genetic information or any other protected status. Additionally, TT participates in the E-Verify Program for US offices.

Apply