May 11, 2021

Senior Information Security Engineer

[easy-social-share buttons="facebook,twitter,google,mail" morebutton_icon="plus" counters=0 style="icon"]

Company Description

HedgeServ is a fast-growing service-driven global administrator. We feature a unique technology platform with one of the most experienced service teams in the industry. HedgeServ provides a service solution for front office, risk, valuations, middle office, fund accounting, investor services and fund administration. Our services are completely customized for the needs of our individual hedge fund, fund of hedge funds and private equity fund clients. HedgeServ employs professionals globally across offices in New York, Dublin, London, Boston, Grand Cayman, Luxembourg, Sydney and Cork.

To find out more information about HedgeServ, please visit www.hedgeserv.com.

Job Description

The Senior Information Security Engineer is responsible for the development, implementation and operations of a comprehensive, enterprise-wide information security strategy and program for HedgeServ. S/he sets security policies, standards and processes and leads the development of enterprise-wide risk profiles; utilizes a risk-based methodology to inform work; anticipates threats and identifies potential impact; and serves as HedgeServ’s representative regarding security strategy and execution of HedgeServ’s security roadmap. The Senior Information Security Engineer will be responsible for utilizing and onboarding cutting edge security tools leveraging AI, ML, and adaptive analysis. Reporting to the Chief Information Security Officer, the Senior Engineer has duties that include but are not limited to:

  • Develops and implements a risk management program for security and privacy-related areas, which includes modeling threats, identifying risks and vulnerabilities, establishing a risk analysis and mitigation plan, and reporting to executive management on both a regular and event-driven basis
  • Leads a cross-functional security organization that may draw upon the resources and technical expertise from IT and other technology organizations
  • Provides strategic and tactical security guidance for programs and projects that may involve security controls, including the evaluation of the enterprise architecture, hardware, software and technical controls
  • Leads an enterprise information security incident response organization, provides oversight over security investigations, and assists with disciplinary and legal matters associated with security breaches and policy violations as necessary
  • Works proactively with the IT Leadership team and their direct reports to assure strategic plans, security programs, and technical controls are aligned with their respective business strategies and in compliance with policies, applicable laws and regulations
  • Coordinates the development and delivery of a security awareness training program for employees, contractors, and other parties.
  • Coordinates the use of external third-party resources involved in the development, implementation and monitoring of the information security program, including performing penetration tests.
  • Establishes a metrics-driven dashboard to evaluate the effectiveness of the Information Security program.
  • Serves as a key thought leader in the field of Information Security, which includes working with key partners and vendors to develop thought leadership around policies, process, and capabilities that can help change or enhance the security strategy at HedgeServ
  • Keeps informed of new technologies or application methodologies through publications, membership in professional organizations and contact with other IT organizations and institutions.
  • Manage the Day-to-day administration of end-point protection / HIDS systems
  • Security Analytics / event correlation systems administration, rules development, etc.
  • Participate in the design and day to day administration of security systems that reflect state-of-the-art security best practices and compliance, ensuring a focus on balancing security effectiveness without introducing material operational friction – strong focus on DevOps and team enablement
  • Developing, managing, and maintaining a posture of security practice / technology modernity with all systems under the purview of the global IT portfolio, includes, a server portfolio comprised of Windows and Linux systems on a range of X86/64 servers, the .NET and Java stacks, firewalls, ID/P (NIDS&HIDS), DLP, network-based AV, etc.

Requirements

Pre-requisite knowledge, skills and experience:

  • Bachelor’s degree or higher with a major in computer science, information technology, business or public administration, or related disciplines
  • 10+ years of management experience in the information technology field or similar experience
  • Excellent interpersonal, verbal and written communication skills
  • Experience contracting and managing vendor relationships
  • Strong Project Management Experience
  • Detail orientated and strong documentation experience
  • Securing communications, applications and business systems
  • Performance of risk IT assessments
  • Strong cloud (AWS) and security background
  • Oversee drafting of policies and procedures for secure daily operations
  • Physical and technical security implementation
  • Security education methodology and campaign
  • Selection, testing deployment and maintenance of security hardware
  • Planning, testing and managing disaster recovery and security breaches
  • Incident Management and investigation
  • Understanding of threat landscape and ability to manage risk across a dispersed portfolio
  • Familiarity with Cyber Security frameworks, including NIST and ISO Security Architecture/Engineering
  • Forward thinking, pro-active approach to security
  • Self-starter, resolution-minded, outside the box thinker and doer
  • Must have a sense of urgency and the ability to shift priorities as needed

Technical Responsibilities/Qualifications:

  • Securing communications, applications and business systems
  • Performance of risk IT assessments
  • Strong cloud (AWS) and security background
  • Oversee drafting of policies and procedures for secure daily operations
  • Physical and technical security implementation
  • Security education methodology and campaign
  • Selection, testing deployment and maintenance of security hardware
  • Planning, testing and managing disaster recovery and security breaches
  • Incident Management and investigation
  • Understanding of threat landscape and ability to manage risk across a dispersed portfolio
  • Familiarity with Cyber Security frameworks, including NIST and ISO Security Architecture/Engineering
  • Forward thinking, pro-active approach to security
  • Self-starter, resolution-minded, outside the box thinker and doer
  • Must have a sense of urgency and the ability to shift priorities as needed

Information Security Technical Focuses:

  • Focus around AWS and Azure security
  • Layer 7 Firewall implementation, management, and investigation
  • Knowledge and usage of Enterprise Discovery and Response platforms
  • Threat intelligence platforms
  • Security Operations Center creation and operation
  • Vulnerability management platforms
  • Privileged Access Management frameworks, creation, and implementation
  • Signatureless antimalware
  • IPS/IDS systems (preferably with AI)
  • Strong grasp of NIST SP800-53, ISO27001, ISO27002, ISO27017
  • Certified Information Security Systems Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

Preference for any of the following certifications:

  • Certified Information Security Systems Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)

Benefits

  • Attractive compensation package including extensive set of benefits
  • Professional environment with great development opportunities
  • Enjoy a start-up like environment on the back of a well-established and profitable company
  • Work in a culture that rewards results
  • Be free to make many of your own decisions
  • Flexibility in working hours
  • Brand new office in the heart of Sofia