Security Analyst

Join a team that values your ambition and empowers your growth
At Corient, we help high- and ultra-high-net-worth individuals, families and high achievers of all types enjoy a full life, while enabling them to preserve their wealth for future generations, and provide for the people, causes and communities they care about. We focus on exceeding expectations, simplifying lives, and establishing legacies that last for generations. We are always looking for talented and motivated individuals to join our team. If you want to work for a company that values your contributions and supports your growth, we would like to meet you.
The Security Analyst will operate risk management systems and controls to ensure the confidentiality, integrity, and availability of computer networks, systems, and applications. The Security Analyst's job requirements include but are not limited to managing vendor management system, performing due diligence; and assessing internal, external, and M&A security risk.
The Security Analyst is a Cybersecurity team member and reports to the Director of IT and Security Operations. This position will work closely with the broader Technology team and key business stakeholders across all departments to support a comprehensive security program. This person will be responsible for implementing and enhancing the existing vendor management program. This includes the distribution of initial and annual third-party due diligence and assessing vendor responses for due diligence. This role will work closely with the company's contract legal team to ensure that adequate Security protections are included in vendor contracts. This role will also be responsible for M&A risk assessments.
Responsibilities
Security Operations & Administration: 85% of typical work volume

• Perform initial and annual risk assessments, and other necessary reviews, to identify, measure, and manage third-party information security risks based on company standards, leveraging demonstrated knowledge of industry security practices, standards, laws and regulations.
• Develop security compliance processes and/or audits for third parties, and external services (e.g., cloud service providers, data centers).
• Conduct security-based risk assessments of business and technology-sponsored projects and initiatives, including M&A.
• Provide dedicated support to the information security risk management processes for onboarding and oversight of all new and existing third-party vendor relationships.
• Define and document new system or interfaces and their impacts on the security posture of the current environment.
• Perform security reviews and identify gaps in security architecture.
• Review contracts, project documentation, system design documents, vendor security policies, and other vendor security references (i.e., SOC II type 2, SIG, PCI ROC, etc.) to determine the extent, type, and scope of risks of the vendor relationship.
• Communicate to business units and cross-functional teams regarding significant third-party information security events and escalate to incident management, when applicable.
• Coordinate with IT architects, project teams, and vendors to bring system designs into alignment with company security standards.

Security Governance, Risk & Compliance: 15% of typical work volume

• Identify and report opportunities for process improvements and solicit recommendations.
• Other duties and projects as assigned.

Qualifications & Requirements

• Bachelor's degree in IT, Management, or Leadership related fields.
• 3 or more years of relevant supply chain management, vendor/third-party risk management, or operations experience in financial services, information technology, or related industry.
• CISSP, CISA, CRISC or other security industry certifications.
• Functional knowledge of common information security controls, security frameworks and standards (e.g., ISO 27001, ISO 27018, SOC 1 / SSAE 16 & 18, SOC 2, NIST CSF, PCI-DSS, COBIT, CSA CCM, SIG) and ability to glean significance from findings identified in these reports and various deliverables.
• Strong analytical and problem-solving background; good project management skills with the ability to multitask and self-direct multiple ongoing tasks.
• Flexibility to adapt to changing assignments and ability to effectively prioritize.
• Effective written and verbal English communication at all levels.
• Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.
• Experience with managing and assessing cybersecurity controls across a broad range of environments.

Physical Requirements

• Prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.

We are an equal opportunity employer. All candidates will be recruited and, if applicable, selected and employed without regard to sex, race, religion, marital status, veteran status, age, national origin, sexual orientation, gender identity, color, creed, ancestry, disability, genetic information or any other basis prohibited by law.