• Security Governance Analyst

    Location US-CA-Pasadena
    Category
    Information Technology
  • Overview

    Western Asset views information security as one of the top risks that the Firm must manage and has developed a program to identify, assess and address the information security challenges facing the Firm. This is achieved through deploying industry-leading technologies and a comprehensive program to safeguard Western’s information systems, assets and data.

     

    As an experienced Information Security Analyst, you will be a key player in this program, responsible for ensuring that the governance and risk assessment elements of the program are operational and mature, providing key input to the day-to-day operation of essential security oversight while expanding the scope and effectiveness of the controls.

    Responsibilities

    With broad involvement in the security program, this role is focused specifically on:

    • Risk assessment: conducting risk assessments and interfacing with the enterprise risk program. Holding risk owners accountable for remediation actions. Monitoring and assessing IT risk.
    • Collaboration: interacting with all parts of the organization, including parent company and affiliated companies, on cyber practices and projects
    • Third-party security: conducting due diligence of IT and business partner vendors
    • Security initiative coordination: coordination of security and business initiatives that impact Western’s security. Execution of ongoing security projects
    • Program and policy management: input and support into the overall security program. Drafting, reviewing and keeping policies current
    • Regulatory: staying current with legislation and regulatory requirements impacting security, including performing gap analyses between guidelines and practice
    • Audit: interfacing with the audit process, including internal audit, external audits and client-based audits
    • Reporting: input and support into management reporting

     

    Competencies:

     

    • Must be familiar with:
      • International Standards Organization (ISO/IEC) 27001/27002
      • National Institute of Standards and Technology (NIST) Cybersecurity Framework
      • Other security frameworks and industry best practices
    • Must be an excellent communicator and able to build and maintain effective working relationships
    • Must have experience conducting risk assessments
    • Must have experience developing information security policy
    • Familiarity with fixed income business processes, technologies and services and CISA/CISM/CISSP would be an advantage

    Qualifications

    Bachelor’s Degree in a relevant field is required.

    How to Apply
