Senior Security Analyst in Heredia at TradeStation

Date Posted: 10/17/2021

Job Snapshot

Job Description

Senior Security Analyst
Heredia, Costa Rica
TradeStation is an online brokerage firm seeking to level the playing field for self-directed investors and traders, empowering them to claim their individual financial edge.  At TradeStation, we're continuously pushing the boundaries of what's possible, encouraging out-of-the-box thinking and relentless search for innovation.  We offer a collaborative work environment, competitive salaries, comprehensive benefits and a generous PTO policy.
The Security Senior Analyst is responsible for supporting the Information Security Team in ensuring the protection of the company’s assets from unauthorized access. This includes:
  • Provide guidance to technology teams in regard to regulatory and compliance needs
  • Liaise with internal/external regulatory and audit organizations
  • Work with teams in all business lines to further company Security goals
  • Work with various company’s department to ensure the Information Security team stays abreast of new regulatory, legal, and/or compliance security requirements
  • Drive end-user adoption of Security controls through ongoing interaction with stakeholders across the business
  • Provide guidance to technology groups in their development of compliance artifacts and controls
  • Evaluate and test the design and operating effectiveness of technical and administrative security controls
  • Design and implement periodic security assessments to ensure compliance with information security policies and established security controls, especially for cloud-hosted data environments
  • Develop metrics and compliance dashboards to measure progress for security initiatives, communicate team accomplishments and the effectiveness of audited security processes
  • Assist with maturing the Risk Register, Policy & Standards Exception Tracking, and Security Dashboard
  • Work with internal resources to conduct and manage an assessment program for compliance requirements, including auditing and monitor privileged access to critical information systems; authorization processes; change control processes, and IT operational processes
  • Support the development, monitoring and enforcement of Information Security policies, standards,  procedures, guidelines, and methodologies to maintain compliance where applicable
  • Oversee and coordinate IT audit requests and evidence in partnership with Internal Audit to facilitate compliance with Sarbanes-Oxley, including IT General Controls (ITGC), Quarterly Access Reviews and IT Process narratives
  • Assist with configuring, installing, and administering security tools and systems
  • Provide support for project assignments with strong and effective communication, time management and collaboration skills
  • Assist with other security related initiatives as they arise
  • Excellent English verbal and written communication skills
  • Self-driven, organized, details-oriented with ownership attitude
  • Strong analytical, problem solving, and troubleshooting skills
  • Ability to multi-task and prioritize work with a focus on quality, completeness and accuracy
  • Excellent skills with Microsoft Office and Atlassian tools (Jira and Confluence)
  • Working knowledge of various regulatory and industry standards (GDPR, CCPA,PCI DSS, ISO27001, SOC-2) with a proven experience with Banking and financial services regulations such as Bank Secrecy Act, FinCen
  • Experience writing and managing Information Security policies, standards and procedures
  • Experience mapping common IT general controls across multiple frameworks such as COBIT, NIST
  • Deep understanding of Agile, SDLC and CI/CD concepts
  • Direct experience with security and privacy in cloud (Microsoft Azure and Amazon Web Services) environments required
  • Demonstrable knowledge of Azure and AWS security controls
  • Working experience developing documentation and conducting reviews
  • Must be located in Costa Rica and able to work core EST hours
  • Bachelor's Degree in Computer Science/Information Technology/ Information Security or equivalent work experience required
  • Minimum of 7 years of Information Technology and/or Information Security work experience is required
  • 3+ years of experience in Information Security with an emphasis on IT audit, IT compliance and/or IT risk management.
  • 3+ years of experience operating, monitoring and enforcing security policies, standards, tools, controls and systems in large scale organizations.
  • Working knowledge of Cloud environment such as AWS and Azure
  • An acknowledged industry security certification such as Security+, CASP+ or CySA+ is required
  • Experience as a software developer is a plus
  • AWS, Azure certification(s) are a plus
  • Knowledge of the Cryptocurrency environment is a plus
  • Demonstrated progression toward security career goals and willing to pursue relevant professional designations (ex. CISA, CISAM, CISSP)