Senior Principal Cybersecurity Analyst, CAT

The Senior Principal Cybersecurity Analyst in FINRA CAT is responsible for leading, supporting, and promoting the development, deployment, operation, monitoring, documentation, and oversight of cybersecurity controls and processes.

Essential Job Functions:


* Manages and communicates cybersecurity threats, risks, and state of controls to the Chief Information Security Officer (CISO) and stakeholders.


* Implements and operates security controls and automation across multiple cybersecurity subdomains.

Ensures security controls are well designed, effectively implemented, and aligned with organizational policies.

Designs and implements automated solutions for efficiently managing cybersecurity risk.


* Utilizes a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and manage remediation strategies and countermeasures.


* Facilitates and supports security event and incident response activities.


* Defines, enforces, and promotes information security policies and related governance artifacts and processes.


* Ensures compliance with applicable regulatory and contractual requirements.


* Manages security vendor relationships; ensure vendors comply with contractual commitments.


* Demonstrates FINRA’s values.


* Collaborates, both in-person and virtually, in furtherance of FINRA’s mission of investor protection and market integrity.

Education/Experience Requirements:


* Bachelor’s degree in computer science, computer engineering, cybersecurity, or technical field preferred and a minimum of eight (8) years of related experience.


* Experience in multiple cybersecurity domains appropriate to the job description, including designing, implementing, operating, monitoring, and assessing security controls for cloud-based systems such as AWS required.


* Substantial experience designing, implementing, and operating a variety of tools and resources to identify cyber security threats, vulnerabilities, configuration defects, and other deficiencies to determine root cause and manage remediation strategies and countermeasures.


* Hands-on coding experience desired, especially as applied to creating tools and automation to customize, optimize, and enhance security controls.


* Understanding of common cybersecurity vulnerabilities and attack patterns and ability to explain how they are both exploited and countered.


* Experience supporting compliance with security frameworks, especially NIST 800, desirable.


* Must demonstrate intellectual curiosity and attention to detail, with strong verbal and written communication skills

Working Conditions:


* Hybrid work environment, with defined in-person presence requirements.


* Occasional travel and extended hours may be required.

For work that is performed in CA, CO, IL, Jersey City, NJ, New York City, NY, MA, MD, Washington, DC, NJ State an...