Info Security Analyst - Privilege Access Management
Ameriprise Financial, Inc.
Application
Details
Posted: 16-Sep-23
Location: Minneapolis, Minnesota
Type: Full Time
Salary: Open
Internal Number: 20271356
Responsible for effectively planning, designing, implementing and monitoring security technologies and projects that support the firms' underlying security policies and procedures. Technically design, document and implement appropriate security solutions that protect the firms' information assets. Utilize highly technical and physical forensics to ensure that security policies, standards and best practices are followed throughout the technology organization-including where vendors are utilized to provide services. Part of a team that establishes, supports and continuously improves the enterprise information security policies, practices and standards in regard to Privilege Access Management. Participate in on-going operational activities that serve to establish appropriate access to and provide the appropriate protection, confidentiality, integrity and availability of enterprise systems and data through effective security controls. Validate compliance with policies and standards that keep Ameriprise applications and infrastructure safe and secure from vulnerabilities.
Key Responsibilities:
Provide timely and effective operational support for the firm's information security tools, processes and practices with regards to Privilege Access Management solution (CyberArk). Partner with other support teams and vendors to resolve problems or implement new products or services. Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards. Escalate key security issues to the appropriate team to be addressed. Assist with security assurance testing activities.
Monitor compliance with information security policies and practices and any applicable laws. Assist with internal and external security risk assessments, risk analysis and application or system-level vulnerability testing and reviews. Participate in the assessment of compliance with security regulations such as PCI, GLBA, FFIEC, etc. Participate in periodic application security health checks. Monitor and document vendor compliance with Ameriprise security requirements.
Assist with the research, development, continuous improvement and implementation of security policies, procedures, standards and processes based on compliance requirements and industry best practices. Document the Ameriprise information security requirements, processes and procedures. Enforce information security policies and procedures by reviewing security violation reports, investigating possible security exceptions and documenting security controls.
Prepare status reports on information security matters that are used for a variety of purposes - tracking and monitoring security breaches, forensic investigative activities, remediation plan management and risk management and compliance reporting. Effectively manage and prioritize ad-hoc reporting requests, scorecards and standard departmental reporting. Coordinate with internal team and external auditors to provide documentation of compliance assessments, support and remediation activities.
Review, analyze and respond to security events triggered through automated security monitoring systems. Validate and track security breaches, along with threats to the firm's logical information, while still allowing for appropriate access. Coordinate responses to information security incidents. Work to reduce information security risks by effectively administering the information security processes across the vulnerability scanning, anomaly detection, intrusion detection, security policy and forensic functions.
Maintain and develop knowledge of regulatory security trends, new security technologies and best practices. Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices. Participate in information security education, training and awareness activities for technology and business teams.
Required Qualifications:
Bachelor's degree in information security, Computer Science, or related technical field; or equivalent work experience.
3-5 years of relevant experience required.
3+ years of experience in information security or related technical field.
Broad work experience that spans one or more of the information security functions - policy development, education, executing penetration testing and application vulnerability assessments, risk analysis and compliance testing.
Working knowledge of information security and computer network/system access technologies.
Experience working in the financial services industry or other highly regulated/compliance-oriented environments.
Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms.
Preferred Qualifications:
Certifications preferred: CISSP, CISA, CISM, CRISC; or equivalent security certification.
Broad hands-on knowledge of firewalls, intrusions detection/prevention systems, anti-virus software, data encryption and other industry-standard techniques and practices.
Very good understanding of security controls, monitoring systems and regulatory/business drivers that impact security policies and practices.
Familiarity with technology risk assessment/SOX IT General Controls requirements and/or other related regulatory requirements.
Knowledge of Privilege Access Management (PAM) solutions such as CyberArk. Be able to answer questions about onboarding, decommissioning and managing secrets vaulted in a PAM solution. Experience working with partner teams supporting their credential retrieval and technical set up.
Experience scripting automation of tasks in PowerShell, Python or other similar languages. Knowledge of code development life cycle and quality assurance. Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies, and desktop operating systems and security.
NOTE: The company does not offer L Visa sponsorship for this opportunity.
About Our Company We're a diversified financial services leader with more than $1 trillion in assets under management and administration. Our team of 20,000 people in more than 20 countries advise, manage and protect the assets and income of more than 2 million individual, small business and institutional clients. We are a long-standing leader in financial planning and advice, a global asset manager and an insurer. Our unwavering focus on our clients and strong financial foundation connects each of our unique businesses - Ameriprise Financial Services, Columbia Threadneedle Investments and RiverSource Insurance and Annuities. Here, we foster meaningful careers, invest in the future, and make a difference for clients, institutions and communities around the world.
Ameriprise Financial is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, genetic information, age, sexual orientation, citizenship, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.
