Please see the req below and send me your updated resume as a Word document for whichever of the 20 positions you fit, to work on our W2. Please confirm your minimum expected salary, visa status, current location, contact details and availability to start a new project. Please email resumes to firstname.lastname@example.org or call Varma at 732-593-8453 Extn 202 with any questions.
Location: San Antonio, TX (remote until 10/1)
Duration: 12 months
No of positions: 10
Rate: plus expenses; possible flex for strong candidate
Visa: Any visa including H1B OK; NO TRANSFERS (communication needs to be 10/10)
Second Line is definitely applied a bit inconsistently across the industry, but the basics are that First Line owns and operates the processes and controls that the business runs on (so they write, implement, and operate the policies, procedures, and control environment), while Second Line looks over their shoulders to opine on whether those policies, procedures, and control environment are designed appropriately to cover all the relevant risks (all types of risk: compliance/regulatory risk, financial risk, and operational risk). If the whole Second Line function were to disappear, all the processes to safely operate the company should still be able to function. So Second Line is the group that performs checks (risk assessments and risk monitoring) and provides effective challenge (a risk-focused review) of the policies, procedures, and controls designed and operated by the First Line.
- Demonstrated experience in applying IT/IS risk frameworks such as risk governance, control effectiveness measurement, process, risk and control analysis, and risk management coverage plan (monitoring, assessment and testing). Experience doing this at a highly regulated financial institution is important for this engagement.
- Strong knowledge of appropriate IT risk and control frameworks (FFIEC Handbooks, COBIT 2019, NIST, etc.)
Skills – hopefully visible in resume:
- FSI = Financial Services Industry background
  - Measured in years, not months
  - PCI experience itself is not being accepted for the FSI piece
- FFIEC handbooks (a framework for IT Security in the financial sector)
- Everything else listed in the JD for a particular role (you’ll see there is great overlap in the roles)
- San Antonio campus is closed until 10/1.
- After that, they would like you to be on site as much as 3 days a week, for 3 weeks out of the month
- Transportation to SA & hotel can be direct billed. Local transportation and meals (or a per diem) can be submitted for reimbursement
When submitting, please include:
- Provide a description of their background with second line at a financial services institution
- If higher level candidates (former management, CISO)
- Confirm they are open to hands-on roles where their day-to-day tasks will be directed and observed by a manager
- Include candidate’s response to following question: “How much of their cumulative experience was spent in the trenches doing the work?”
Communication – Must be 10/10
Experience performing second line effective challenge / risk assessment in FSI, along with solid Information Security technical experience (meaning hands-on technology work); Knowledge of FFIEC Handbooks, NIST CSF, NIST 800-53 risk frameworks and others. Experience designing and evaluating InfoSec processes, risks and controls.
- 50% - Solid Cyber/InfoSec Control Procedure, Control Development and Control governance framework experience (e.g. NIST CSF, COBIT 2019)
- 25% - Vulnerability Management, Security Configuration Management (e.g. Firewalls, Web Proxies, Intrusion Detection/Intrusion Prevention), Encryption, or Cyber Incident Response
- 25% - Cyber/InfoSec Process development/review and challenge (covering Process, Risk, Control Inventory work)