Sr Analyst, Info Security & Technology Risk
Job ID: R-009725
Date posted: 05/12/2020
Primary Location: CA-San Diego
Other Locations: TX-Austin, SC-Fort Mill
The LPL Financial Information Security and Technology Risk organization is currently hiring a Senior Analyst of Technology Risk Assessments. This position will be responsible for leading the program that ensures formalized risk management techniques are embedded across all aspects of Information Security.
"We are looking for an outgoing self-starter with a proven track record of understanding and communicating technology risks to achieve strategic outcomes." – VP, Information Security & Technology Risk
The person in this position will lead key functions in the Technology Risk Management Lifecycle, working in partnership with security control owners, Business leaders and the Business Information Security Officers. Specifically:
- Risk Identification
  - Identify and provide insight on top security risks facing LPL Financial
  - Maintain the global risk register of top security risks
  - Identify emerging Information Security risks impacting LPL Financial
  - Lead and execute holistic annual and periodic assessments to identify risks
- Risks and Controls Assessment
  - Execute continual cyber risk and controls assessments to establish an accurate view of LPL Financial’s inherent and residual risk posture and determine appropriate risk baselines to manage risk to greater maturity over time
  - Lead the team that performs continual information security risk assessment and gap analysis processes, including assessments of new products and applications
  - Execute periodic regulatory assessments (e.g. NYDFS, FFIEC, or NIST CSF) using structured control documentation
  - Lead annual cyber risk assessments in partnership with Business Leaders and Technology Business Information Security Officers
  - Act as the subject matter expert for risk and control self-assessments
  - Maintain and enhance the Information Security risk assessment methodology and framework. Ensure the methodology is built for efficiency and continuously updated to reflect the ever-changing nature of cyber threats
- Risk Treatment
  - Work closely with the Business Information Security Officer team to provide support and risk guidance in remediating security risks
  - Assist Information Security leadership in developing, maintaining, and enforcing policies, guidelines and standards related to Technology risk management
- Measure and Report on Technology Risk
  - Identify and report on new and emerging security risks and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards
  - Work with appropriate risk assessment owners and leadership to communicate and articulate assessment or aggregation issues/findings
  - Develop management reporting dashboards and presentations with risk analysis findings and conclusions, and maintain these artifacts. Elicit requirements for ad hoc reporting requests, and design, develop, and run risk management reports, leveraging eGRC to the extent possible for reporting purposes
  - Analyze risk data to determine correlation with threats, vulnerabilities, and business processes, and apply quantified and qualified risk levels
  - Determine new, and/or review existing, Key Risk Indicators (KRI) which can be sourced from IT systems, risk assessments, management reports, and audit artifacts. Develop, implement, and maintain all technology KRIs
  - Monitor activities to reduce cyber security risks
- Penetration Testing Program Management
  - Define and lead the penetration testing program in coordination with 3rd party vendors. Responsibilities include scoping, testing coordination, and risk rating and analysis of results
- 3 years of experience in cybersecurity risk assessment and analysis
- 2 years working for a bank or financial institution preferred
Skills and Knowledge:
- Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
- Proficiency in information security, risk management and audit (risk/security policies, procedures and controls)
- Knowledge of applicable information security standards and regulatory requirements
- Strong analytical skills and thinking, data-driven acumen, proficiency in analysis of risk management data, and knowledge of analytic methods
- Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks e.g. NIST, ISO, CIS Critical Security Controls
- Good understanding of the organization’s goals, objectives, and key cyber threats and risks to those objectives
- Demonstrated ability to quickly pick up new functional and technical areas and provide oversight and direction
- Outstanding written and oral communication skills, and ability to adeptly bridge the gap between technical and business context.
- Strong interpersonal skills and ability to collaborate effectively
- Highly self-motivated and self-directed, with keen attention to detail
- Experience with MS Excel and eGRC systems such as Archer or RSAM
- Preferred certifications: CISSP, CISA, CRISC, FAIR or related certifications
About LPL Financial:
LPL Financial is a leader in the retail financial advice market and the nation’s largest independent broker/dealer*. We serve independent financial advisors and financial institutions, providing them with the technology, research, clearing and compliance services, and practice management programs they need to create and grow thriving practices. LPL enables them to provide objective guidance to millions of American families seeking wealth management, retirement planning, financial planning and asset management solutions. LPL and its affiliates have more than 4,200 employees with primary offices in Boston, Charlotte, and San Diego.
*As reported by Financial Planning magazine, June 1996-2019, based on total revenue.
If you join LPL, you will join a culture that believes in delivering a world-class client experience and looks to all employees to contribute to that goal by sharing their creativity, experience, and passion for continuous improvement. As a destination of choice, our top priorities are growth and development, social responsibility, and financial health for our employees.
We offer competitive compensation and industry leading benefits, including a wellness facility with onsite fitness classes, healthy meal choices, and a walk-in clinic. We support employee financial health through a 401k match, ESPP, and employee discounts. Work/life balance is our foundation and is supported through paid holidays, and paid time off (including time to volunteer). We foster a diverse work environment through Employee Resource Groups and diverse strategic partnerships.
Join the LPL team and help us make a difference by turning life’s aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE.
Information on Interviews:
LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant’s bank or credit card. Should you have any questions regarding the application process, please contact LPL’s Human Resources Solutions Center at (800) 877-7210.