Corporate IT Security Officer
Rabo Diversified Services LLC ("RDS") is part of Rabobank, a global financial services leader providing wholesale, rural and retail banking services in more than 40 countries worldwide. Founded by Dutch farmers over a century ago, Rabobank remains true to our core mission: to create value for our customers, our employees, and the local communities where we do business. Rabobank today is one of the world’s largest banks with over $650 billion in assets. In North America, Rabobank is a premier financial institution providing services across the food and agriculture value chain. RDS’s support functions champion over 1,300 employees throughout Rabo AgriFinance and Rabobank North America Wholesale, companion Rabobank subsidiaries.
The Security Officer is responsible for ensuring a consistent and adequate level of security within the region, in compliance with the Rabobank security policies and local procedures. This includes, but is not limited to conducting risk management assessments, design, testing and implementation of security controls, response to security incidents and participation as a subject matter expert in projects. This role is responsible for technical security testing, implementation and SME consultations with the business. As a technical security officer, responsibilities include direct and indirect configuration and support of various technical security tools, including ArcSight, CyberArk, vulnerability scanners, etc. As cloud related, this position will be involved as the primary SME for Security on Cloud related standards, reviews, evaluations and as a security advisor to major cloud initiatives.
Key Responsibilities & Accountabilities:
This position’s primary responsibilities are in the following areas:
Serve as a technical security subject matter expert.
Serve as SIEM and DLP subject matter expert
Serve as a Cloud security subject matter expert
Conduct internal risk assessments to document physical and/or logical access and security controls; provide advisory services to stakeholders in planning risk mitigation and/or residual risk acceptance.
Serve as the cloud security advisory on projects requiring this function.
participate in Global DLP and Security Monitoring Use Case Boards and provide local use cases to support US Regulatory requirements
Coordinate and review third party penetration testing.
Provide architectural guidance and review of regional and head office cloud related projects, ensuring local and regional compliance and security requirements are met.
Identify inefficiencies and streamline daily security operations processes (security report reviews, Symantec AV response, Qualys vulnerability management, etc).
As assigned, conduct and manage the following processes:
System, Vendor, Operational Security Risk Management Processes:
Lead SRMP reviews as Security Officer.
Evaluate system owner responses, assisting with interpretation as needed.
Work with the Asset owner to manage risk as part of the process.
Coordination of, and entry into risk management tools as appropriate.
Produce final report and present for appropriate approvals.
Other responsibilities will include:
Managing business risks/projects (e.g., running Security related projects to support business requirements);
Assist in special projects (e.g., new application implementations) ;
Follow up on possible security incidents;
Represent Security as a subject matter expert to advise in both operational process (ex: Change Management) and project based work.
Organize and ensure the monitoring of the business, corporate, and external policies and regulations
Complete all mandatory training within a timely basis, as instructed
Comply with code of conduct & Bank policies/procedures
Actively identify incidents outside of established policies & procedures and report to management immediately
Be familiar with & comply with laws, regulations, and internal policies & procedures that are applicable to required job duties
Understand & comply with all RAF & Rabobank anti-money laundering (AML), compliance, and all other applicable laws, including, but not limited to, the completion of all required AML & Sanctions training
Actively and consistently demonstrate Rabobank cultural practices.
Assist with other duties and tasks assigned by manager.
Job Knowledge, Skills, and Abilities:
Cloud Certifications such as CCSP, Azure or AWS relating to security.
Experience with production cloud operations and or security.
ArcSight Certified Analyst (ACSA) or ArcSight Certified Integrator/Administrator (ACIA)
1-3 years working in a large technical environment.
Experience working in or with internationally distributed teams.
Extensive working knowledge of many aspects of information technology infrastructure components, such as firewalls, routers, host hardening, central authentication.
Extensive knowledge of basic Security principles, and risk management.
Ability to perform independent research to understand weaknesses within the Security environments.
Information Security professional certifications (ex: ISC2, GIAC, etc).
College Degree (BS) in Engineering, Computer Science, or related field.
At least 8 years experience specifically in the information security/information risk management field, with 3-5 years in a financial regulated organization.
Excellent Communication Skills
Other Technical Certifications (Microsoft, Redhat, Oracle, etc)
Experience operating in a Global/Local Security model.
With healthcare and insurance costs on the rise, Rabo Diversified Services employees enjoy a first-class benefits package, featuring a selection of medical coverage and investment options to meet your personal needs. Our benefits program includes:
Health care spending account
Dependent care spending account
Basic life insurance plus AD&D insurance
Optional life insurance
Health and wellness seminars
Rabo provides equal opportunity in employment to all employees and applicants and does not discriminate on the basis of race, color, creed, religion, national origin, ancestry, alienage or citizenship status, age, sex, sexual orientation, gender identity, gender expression, marital status, genetic information, medical condition, physical or mental disability, pregnancy, childbirth or related medical condition, military service or veteran status, victims of domestic violence, or any other basis protected by applicable law. Rabo also prohibits harassment of any individuals on any of the bases listed above.
Consistent with this policy, Rabo embraces diversity and welcomes employees and applicants of all backgrounds. Our goal is to create an environment that is inclusive, drawing upon the strengths of the diversity of our workforce to exceed the expectations of our clients and customers.