Information Security Analyst-2
Part of a team that establishes, supports and continuously improves the enterprise information security policies, practices and standards. Participate in on-going operational activities that serve to establish appropriate access to and provide the appropriate protection, confidentiality, integrity and availability of enterprise systems and data through effective security controls. Validate compliance with policies and standards that keep Ameriprise applications and infrastructure safe and secure from vulnerabilities. Responsibilities
• Partner with other support teams and vendors to resolve problems or implement new products or services.
• Escalate key security issues to the appropriate team to be addressed.
• Assist with security assurance testing activities.
Information Security Governance
• Monitor compliance with information security policies and practices and any applicable laws.
• Assist with internal and external security risk assessments, risk analysis and application or system-level vulnerability testing and reviews.
• Monitor, assess and document vendor compliance with Ameriprise security requirements.
• Assist with the research, development, continuous improvement and implementation of security policies, procedures, standards and processes based on compliance requirements and industry best practices.
• Document the Ameriprise information security requirements, processes and procedures.
• Prepare status reports on information security matters that are used for a variety of purposes - including vendor security assessment and risk management & reporting.
• Effectively manage and prioritize ad-hoc reporting requests, scorecards and standard departmental reporting.
• Coordinate with internal team and external auditors to provide documentation of compliance assessments, support and remediation activities.
• Maintain and develop knowledge of regulatory security trends, new security technologies and best practices.
• Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices.
• Participate in information security education, training and awareness activities for technology and business teams. Required Qualifications
• Bachelors degree in Information Security, Computer Science, or related technical field; or equivalent work experience.
• 3-5 years of relevant experience required.
• 3+ years of experience in information security or related technical field.
• Broad work experience that spans one or more of the information security functions - policy development, education, executing penetration testing and application vulnerability assessments, risk analysis and compliance testing.
• Working knowledge of information security and computer network/system access technologies.
• Experience working in the financial services industry or other highly regulated/compliance oriented environments.
• Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms. Preferred Qualifications
• Certifications preferred: CISSP, CISA, CISM, CRISC; or equivalent security certification.
• Broad hands-on knowledge of firewalls, intrusions detection/prevention systems, anti-virus software, data encryption and other industry-standard techniques and practices.
• Very good understanding of security controls, monitoring systems and regulatory/business drivers that impact security policies and practices.
• Familiarity with technology risk assessment/SOX IT General Controls requirements and/or other related regulatory requirements. About Our Company
With the right company, life can Be Brilliant®. The Ameriprise Financial Technology team mission is to create innovative technology solutions and engaging digital experiences for our clients, advisors, and employees. We embrace an inclusive and collaborative culture that allows us to partner across the business and lend our expertise in the areas of corporate computing, network infrastructure and security. We celebrate the unique qualities and reward the contributions of our talented, passionate employees. If you're motivated and want to work for a strong, ethical company that cares about you and your community, take the next step with Ameriprise Technology and we can Be Brilliant® together.
Ameriprise Financial is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, genetic information, age, sexual orientation, citizenship, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.