Security Operations Center Analyst III

Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.

We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.
 

POSITION SUMMARY

The Security Operations Center Analyst III provides the first line of defense IT Security services, consultation, leadership and subject matter expertise to businesses and functions on Information Security related matters. Reviews, designs, and develops security operational processes, standards, and procedures utilizing current and new technologies to improve security controls and business performance.  Provides input on strategic information security direction that is aligned with corporate business objectives and regulatory requirements.

Direct Reports

• N/A

Principal Duties

• Subject Matter Expertise – Serves as information security subject matter expert to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and participates in efforts to examine technology vision, opportunities and challenges contributing input with regard to security standards and the impact of the technology.
• Security Trends - Continually works to enhance breadth and depth of knowledge and experience. Benchmarks technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.
• Project Oversight - Assesses project risk and complexity. Performs project handoffs including preparing documentation, educating, and supporting to ensure smooth transitions. Assists with the selection and design of tools that allow reuse of design components and patterns between projects.
• Vendor/Tool Selection – Participates in the research, evaluation, proof-of-concept, selection, and implementation of technology solutions. Negotiates with vendors. Provides detailed analysis of pros and cons and build vs buy options. This includes interaction with vendors, IT, and business area contacts to facilitate flexible, and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access, and total cost. Develops working solutions or prototypes and resolves any issues that arise.
• Strategy & Architecture - Implements security strategy, architecture, and tools in accordance with company standards, policies, procedures, and other formal guidance, ensuring security technology standards and best practices are maintained across the organization.
• Process Improvement - Promotes implementation of new technology, solutions, and methods to improve business processes, efficiency, effectiveness, and value delivered to customers. Maintains operational, architectural and design documentation including procedures, task lists, and architecture blueprints.
• Information Security Risk Management - Assists with information security risk management processes, program, and strategy. Aligns information security activities with NYDFS, SOX, and GLBA regulatory requirements and internal governing enterprise risk management policies. Identifies security gaps and deficiencies by conducting risk assessments; recommend corrective action of identified vulnerabilities and weaknesses. Assists with the planning, testing, tracking, remediation, and risk acceptance for identified security risks. Assists with the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with corporate compliance members and regulators.
• Due Diligence – Assists with enterprise due-diligence activities including security monitoring and security metrics to evaluate effectiveness of the enterprise security program and established controls.
• Incident Response - May assist in conducting security incident response activities and post-event reviews of security incidents. Creates clear and professional documentation of root cause and risk analysis of all findings. Troubleshoots and/or executes action plans for issue resolution. May participate in investigation and contribute to reports of security threats and incidents.
• Secure Testing - Assists with security testing projects according to a structured process, including writing test plans, test cases and test reports. This may include configuration and deployment of security testing software and application of results to security analysis. Demonstrates basic proof-of-concept exploits of vulnerabilities.
• Mentoring – Interfaces with peers and senior leadership, communicates at all levels. Provides guidance to less experienced Information Security team members.

Education and Experience Requirements  

• Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience.
• 5+ years of experience in the areas of Information Technology, Information Security, and/or Information Risk Management.

Knowledge, Skill, and Ability Requirements 

• Working knowledge of:
  • Windows-based platforms, application, and TCP/IP network security technologies
  • Information security concepts, principles, and components of a comprehensive information security program

• Application Security concepts including common application security issues such as OWASP Top 10
• Control frameworks and control objectives
• Aptitude for and interest in information and application security
• Self-motivated and results-oriented, including ability to prioritize conflicting demands.
• Exceptional organizational skills to balance work and lead projects.
• Demonstrable leadership and interpersonal skills with experience in mentoring team members 
• Strong initiative, consensus-building, and ability to collaborate directly and build strong relationships with a variety of internal and external stakeholders (business, development, compliance, etc.)
• Strong written communication (writing sample may be requested) and professional verbal communication skills, experienced facilitator, and presenter
• Ability to adapt and apply information to new scenarios and technologies.

Additional Information:

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

Company Benefits:

Newrez is a great place to work but we are only as strong as our greatest asset, our employees, so we believe in rewarding them!

• Medical, dental, and vision insurance

• Health Savings Account with employer contribution

• 401(k) Retirement plan with employer match

• Paid Maternity Leave/Parental Bonding Leave

• Pet insurance

• Adoption Assistance

• Tuition reimbursement

• Employee Loan Program

• The Newrez Employee Emergency and Disaster Fund is a new program to support our team members

Newrez NOW:

• Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more

• 1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice

• Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee

• Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions

Equal Employment Opportunity 
We're proud to be an equal opportunity employer- and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

CA Privacy Policy

CA Notice at Collection