A SecDesign Generalist has the following responsibilities:

1.Lead SecDesign security analysis of the architecture or solution with the requestor of the assessment.

2.Prioritize risks identified in relation to business risks.

3.Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:

a. Authentication, Authorization, Auditing

b. Application Security: Session Security, Vulnerability/Pen Testing items, Input Validation

c. Secure data transport and storage

d. Network Security Principles and best practices

e. Cloud Security Principles and best practices

4. Periodically review security reference architecture (security blueprints) and conduct updates/enhancements.

5. Participate in various Operational and Technology Risk governance processes.

6. Assist in identifying new areas and opportunities of technology investment for the firm.

7. Liaise with Risk Officers, Business stakeholders and senior management regarding identified risks and remediation deadlines.

Skills and Experience

Soft Skills (Required)

1. Excellent communication skills: written, oral, presentation, listening.

2. Ability to influence through factual reasoning.

3. Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking.

4. Strong focus on delivery when presented with short timelines and increased involvement from senior management.

5. Ability to adjust communication of technology risks vs business risks based on the audience.