Are you ready to explore a world of possibilities?
Join our DTCC family, and you'll grow your expertise and become the best version of you. As you embark on a new journey, you'll be supported and surrounded by other professionals as you learn new skills, advance your career, and see the impact of your efforts every day.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Retirement benefits
- Paid Time Off and other leave of absence
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (Onsite Tuesdays, Wednesdays and a third day of your choosing)
Why you'll love this job:
The Information Risk Analyst is responsible for performing risk assessments of applications, infrastructure, business and technology vendors against a defined risk framework. These assessments will be conducted either through a formalized risk assessment program or through other risk reporting activities (e.g., policy exceptions, risk acceptance). The Information Risk Analyst will have the ability to identify risks in the way that a business and technology apply information and the supporting technological systems.
Your Primary Responsibilities:
- The incumbent will be responsible for supporting day-to-day activities related to the support of Free Open-Source software usage across DTCC's applications.
- This role is responsible for the Free Open-Source software governance, the design and implementation of automated control checks, and ensuring alignment application security control standards.
- The position requires experience with identifying and remediating Free Open-Source security vulnerabilities, different application security testing methodologies and related application security tools.
- The successful candidate should possess application software programming expertise, along with superb communication, project management and organizational skills.
- Collaboratively work with Application Developers driving Open-Source standard methodologies.
- Create and deliver Open-Source standard methodologies presentations.
- Schedule and perform information risk assessments using DTCC methodology; identify, document and
- communicate control deficiencies in business processes and technology systems.
- Partner with the business and technology to agree cybersecurity risk findings identified through the risk assessment (e.g., vendor, application, infrastructure), new initiatives, and ad hoc processes.
- Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps.
**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Talents Needed For Success:
- Minimum of 2 years of related experience
- Bachelor's degree preferred or equivalent experience
Additional Qualifications:
- 2 years of software development experience.
- Experience converting Proof-Of-Concept (POC) code or vulnerability descriptions to working exploits to validate vulnerabilities.
- Financial Services Industry experience a plus but not required.
- Proficiency with Information Risk Management standard methodologies.
- Proven knowledge of technical infrastructure, networks, databases and systems and how they affect an organization's cybersecurity risk
- Proven knowledge of security methodologies, policies, standards and best practices
- Proven knowledge of information technology systems, infrastructure and operations
Who We Are:
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.