AVP, Risk Assessments

Company: LPL Financial
Location: San Diego
Posted on: April 10, 2021

Job Description:

The health and safety of our employees and candidates is very important to us. Due to the current situation related to the Novel Coronavirus (COVID-19), we're leveraging our digital capabilities to ensure we can continue to recruit top talent at LPL Financial. As your application progresses, you may be asked to use one of our digital tools to help you through your recruitment journey. If so, one of our recruiters will explain what type of interviewing technology will be used throughout the recruitment process and will be on hand to answer any questions that you have. You can also email us at LPLFinancialHiring@lpl.com . Work where independent thinking and collaboration go hand in hand. Experience a culture that thrives on innovation, embraces inclusiveness, and welcomes fresh perspectives. At LPL, your talents, skills, and insights can make a difference. AVP, Risk Assessments & Penetration TestingApply Job ID: R-012410 Date posted: 01/19/2021 Primary Location SC-Fort Mill Other Locations TX-Austin , CA-San Diego Job Description:The LPL Financial Information Security and Technology Risk organization is currently hiring an AVP of Technology Risk Assessments and Penetration Testing. This position will be responsible for growing and leading a comprehensive risk program to uncover vulnerabilities and weaknesses by overseeing and performing risk assessments and penetration testing. They will also collaborate closely with various leaders and stakeholders to communicate results and help recommend key security enhancements.As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.Responsibilities:The person in this position will lead key functions in the Technology Risk Management Lifecycle, working in partnership with security control owners, Business leaders and the Business Information Security Officers. Specifically:
Management Responsibilities

• --- Responsible for both the risk assessment and penetration testing programs, leading the team that performs continual information security risk assessment and penetration tests.
• --- Understanding and influencing department vision and mission
• --- Responsible for providing security guidance, coaching and training to direct reports and other employees across the company
• --- Develop and execute an annual plan of risk assessments and penetration tests based on self-identified top security risks facing LPL Financial
• --- Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
• --- Work with appropriate risk assessment owners & leadership to communicate and articulate assessment or aggregation issues/ findings.
• --- Perform other duties as assignedRisk Assessment Responsibilities
  • --- Maintain and enhance the Information Security risk assessment methodology and framework. Ensure the methodology is built for efficiency and continuously updated to reflect the ever-changing nature of cyber threats
  • --- Conduct and oversee Information security risk assessments using established methodologies establishing an accurate view of LPL Financial' s inherent and residual risk posture and determine appropriate risk baselines to manage risk to greater maturity over time
  • --- Execute periodic regulatory assessments (e.g. NYDFS, FFIEC, or NIST CSF) using structured control documentation
  • --- Leading annual cyber risk assessments in partnership with Business Leaders and Technology Business Information Security Officers.
  • --- Align with and influence Enterprise Risk Management policies, procedures, and reporting to represent Technology Risk appropriately to various risk oversight committees.Penetration Testing Responsibilities
    • --- Lead and mature the Penetration Testing program as assessments are performed against LPL Financial' s infrastructure and systems, report out findings, and work with partner vendors and teams where necessary to recommend appropriate mitigation.
    • --- Conduct tactical assessments that require expertise in social engineering, application security (web and mobile), physical methods, lateral movement, threat analysis, internal and external network architecture and a wide array of commercial and bring-your-own (BYO) products.
    • --- Build and support red / purple team exercises designed to build strength across disparate teams.
    • --- Work closely with the security operations center (SOC) to leverage intelligence sources, identify new threats in the wild and verify the organization's security posture against them.
    • --- When necessary, assist in threat and incident response (IR) tabletop exercises as well as postmortem drills with a focus on measurable improvements and benchmarking to show progress (or deficiencies requiring additional attention).Skills and Experience
      • --- 6+ years of experience in information security
      • --- 2+ years of experience leading teams
      • --- Strong knowledge and experience in risk assessment and relevant methodologies including quantitative risk management techniques
      • --- Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
      • --- Familiarity with defensive and monitoring technologies such intrusion prevention/detection systems (IPS/IDS), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP) and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
      • --- Strong analytical skills and thinking, data-driven acumen, proficiency in analysis of risk management data, and knowledge of analytic methods
      • --- Thorough knowledge of IT processes and controls and a deep understanding of risk and control frameworks e.g. NIST, ISO, CIS Critical Security Controls
      • --- Must have good technical communication skills (both written and verbal) and the ability to effectively communicate to anyone in the organization, paired with good analytical and problem-solving skills
      • --- Prefer certifications: CISSP, CRISC, OSCP, FAIR or related certifications Why LPL? At LPL, we believe that objective financial guidance is a fundamental need for everyone. As the nation's leading independent broker-dealer, we offer an integrated platform of proprietary technology, brokerage, and investment advisor services. We provide you with a work environment that encourages your creativity and growth, a leadership team that is supportive and responsive, and the opportunity to create a career that has no limits, only amazing potential.We are--one team on one mission. We take care of our advisors, so they can take care of their clients.Because our company is not too big and not too small, you can seize the opportunity to make a real impact. We are committed to supporting workplace equality, and we embrace the different perspectives and backgrounds of our employees. We also care for our communities, and we encourage our employees to do the same. This creates an environment in which you can do your best work. Want to hear from our employees on what it's like to work at LPL? Watch this !We take social responsibility seriously. Learn more here Want to see info on our benefits? Learn more here Join the LPL team and help us make a difference by turning life's aspirations into financial realities. Please log in or create an account to apply to this position. Principals only. EOE. Information on Interviews: LPL will only communicate with a job applicant directly from an @lpl.com email address and will never conduct an interview online or in a chatroom forum. During an interview, LPL will not request any form of payment from the applicant, or information regarding an applicant's bank or credit card. Should you have any questions regarding the application process, please contact LPL's Human Resources Solutions Center at (800) 877-7210. Apply If you'd like to receive recruiter outreach, news and information from LPL Financial, as well as details on current opportunities that match your preferences and interests, please sign up below. Area(s) of Interest Select a job category from the list of options. Search for a location and select one from the list of suggestions. Finally, click "Add" to create your job alert. Job Category required* Location required*
        • Information Technology, Austin, Texas, United States Remove
        • Information Technology, San Diego, California, United States Remove
        • Information Technology, Fort Mill, South Carolina, United States Remove

Keywords: LPL Financial, San Diego , AVP, Risk Assessments, Other , San Diego, California