IT Risk and Security Specialist
New York, NY 10007
High Profile International Bank has an immediate need for a bilingual English/Chinese IT Risk and Security Specialist on a contract to hire basis.
You will be responsible for IT compliance with all related rules, regulations, and guidance from regulatory entities or committees such as OCC, FFIEC and other applicable regulatory requirements; conducting periodic reviews and analysis; and managing the implementation of the recommendations or alerts from regulatory entities.
- Responsible for evaluating and drafting the policies, procedures and standards to meet the regulatory requirements.
- Monitoring IT operations and activities to comply with internal policies, procedures and standards, reporting of IT risk profiles and status, proposing and implementing IT risk mitigation actions.
- Developing, enhancing and implementing IT risk management program including identification, measurement, assessment, mitigation and monitoring.
- Assisting in the management of IT governance, system operation, information security, network and infrastructure maintenance, software acquisition, third party management, incident response, BCP and Contingency Plan, and project management.
- Communicating and coordinating with U.S. regulators or examiners and internal and external auditors to ensure the concerns of examiners or auditors are fully understood and addressed.
- Act as the key resource for disaster recovery design, planning and execution for standing up strategic virtual workloads at the DR site ahead of the upcoming data center move to a co-location facility.
- Lead Virtualization infrastructure DRP improvements, implementation and testing to ensure compliance to standard procedures and regulatory requirements.
- Provide escalation technical support and issues resolution of Windows-based servers and MS Active Directory environments. Support group policy creation and deployment across domains.
- Ensure team is complying with patching standards for IT Infrastructure along with Windows servers and Network Devices across the enterprise.
- Interact with business and local technical resources to ensure their understanding and participation, as needed, in upcoming changes.
- Participate in Change Management and Problem Management.
- Strong knowledge of IT management, IT risk management framework, IT risk assessment and testing, cyber security, third party management, IT operation, inventory and patch management, BCP, incident response, etc.
- Extensive professional experience in IT management, IT risk management, IT compliance risk assessment and testing, cyber security, third party management, etc.
- Rich experience in communicating with regulators from the OCC and Federal Reserve and implementing corrective action plans for regulators' concerns with satisfactory results.
- Familiar with the regulations, laws and regulatory guidance related to IT such as OCC guidance, Federal Reserve, NIST, FFIEC, COBIT5, etc.
- Experience in virtualization/virtual system administration in a VMware environment.
- Experience using Veeam to create and maintain robust Backup and Recovery capabilities that deliver backup, recovery and replication for VMware environments, applications and data. Substantial experience with Veeam 9.0 or better strongly preferred. Experience in Data Center moves that involved using Veeam and/or DR tools as part of the data and infrastructure move activities is preferred. Experience in executing a DR Strategy in a real-world situation is a plus.
- Strong knowledge of Microsoft Server 2003/2008/2012. Experience with Microsoft AD environment and MS Exchange Mail System. Must be knowledgeable of shares, folders and permissions. MCSE and MCITP certifications preferred.
- Experience with storage architecture and administration (EMC, Dell EqualLogic is preferred)
- Expertise in implementing, administering, and troubleshooting network infrastructure devices, including: firewalls, routers, switches, and monitoring applications
- Must be bilingual English and Chinese (Mandarin)
- Professional certifications such as CISSP, CISA, and/or ISACA