Security Specialist Sr - Policy & Controls Governance
Home Location-MA (MAH01)
In collaboration with other members of the Security Policy and Compliance team, this role is responsible for identifying gaps and opportunities to mature the cybersecurity program through the management of a cybersecurity maturity framework like the CRI FS Profile (2.0).
Expert Experience needed with all of the following:
- Knowledge sharing with the lines of business and other security partners on ensuring gaps are remediated, and risks are mitigated as appropriate per the organization’s risk appetite.
- Collaborate with key stakeholders inside Enterprise Information Security as well as CIO and CTO organizations to ensure technical security controls are enabled as part of a risk mitigation strategy
- Provide support of internal audits and regulatory exams across the Security portfolio, providing guidance, oversight and coordination as needed. Responsible for coordinating audit and exam support services including contributing to narrative and artifact generation and cataloguing.
- Keep up to date with the regulatory landscape, partnering with internal legal and regulatory intelligence services, and strategic security partnerships.
- Help to influence the financial services sector’s adoption of standards, frameworks and guidance
- Knowledge of the following framework(s) (ISO 27001, NIST 800-53, CRI, COBIT, PCI)
- Must have excellent time management skills and possess the ability to pivot workload on a moments notice
- Must enjoy working in a team and collaborative environment with little supervision
- Experience in the banking/financial industry is a plus
- Certifications pertaining to the position such as CISA, CRISC, CGEIT, CIPT, CIPP, CISSP, CTPRP, is a plusJob Description
- Provides technical evaluation and analysis in a specific Security area. Supports activities, process, and tools needed to improve overall security posture of the organization. Primary responsibilities do not include Architect or Engineering responsibilities. Provides subject matter expertise.
- Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, creates documentation. Performs investigation and data loss prevention, data manipulation, coordination of activities. Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls.
- Advises on more complex security procedures and products for clients, security administrators and network operations. Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
- Conducts security assessments and other information security routines consistently. Investigates and recommends corrective actions for data security related to established guidelines.
- Develops policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats. Oversees that business needs are being met during development.
- Shares knowledge, leads and mentors are the discretion of management. Aligns the controls of a specific Security area to the enterprise framework. Devises control implementation strategy.
PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:
- Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
- Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.
Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.
Preferred Skills
Access Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security TechnologiesCompetencies
Analytical Thinking, Effective Communications, Information Assurance, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, IT Systems Management, Knowledge of Organization, Problem Solving, Software Security AssuranceWork Experience
Roles at this level typically require a university / college degree. Higher level education such as a Masters degree, PhD, or certifications is desirable. Industry relevant experience is typically 8+ years. Specific certifications are often required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.Education
BachelorsCertifications
No Required Certification(s)Licenses
No Required License(s)Pay TransparencyBase Salary: $88,000.00 – $209,300.00Salaries may vary based on geographic location, market data and on individual skills, experience, and education. This role is incentive eligible with the payment based upon company, business and/or individual performance.Application WindowGenerally, this opening is expected to be posted for two business days from 11/14/2024, although it may be longer with business discretion.BenefitsPNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.To learn more about these and other programs, including benefits for full time and part-time employees, visit pncbenefits.com > New to PNC.
*For more information, please click on the following links:
PNC Full-Time Benefits Summary
PNC Part-Time Benefits Summary
Disability Accommodations StatementIf an accommodation is required to participate in the application process, please contact us via email at AccommodationRequest@pnc.com. Please include “accommodation request” in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call 877-968-7762 and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.
PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.
Refer to the California Consumer Privacy Act Privacy Notice to gain understanding of how PNC may use or disclose your personal information in our hiring practices.
ApplyJob Profile
May not be available in all geographic locations Not available in all geographic locations Position may not be available in all geographic locations Remote position This position may not be available in all geographic locations Work may be performed from a quiet, confidential space in a home location, approved by PNC
Benefits/PerksCollaborative environment Dental and vision options Dependent care reimbursement Disability protection Educational Assistance Health savings account Incentive eligible Inclusive workplace Inclusive workplace culture Life Insurance Opportunity for contribution Pension Remote position Remote work Stock purchase plans Vision options Wellness program
Tasks- Collaborate with stakeholders
- Conduct security assessments
- Development
- Develop security policies
- Documentation
- Identify gaps in cybersecurity
- Influence standards adoption
- Mitigate risks
- Monitor regulatory landscape
- Problem solving
- Risk Management
- Support audits and regulatory exams
Access Control Analysis Analytical Analytical thinking Architecture Audit Support Banking Business decisions Business Needs Business Objectives COBIT Collaboration Compliance CRI Customer Needs Customer solutions Cybersecurity Data Loss Prevention Data Security Disaster Recovery Documentation Effective Communications Enterprise Risk Management Financial Services Governance Implementation Information Assurance Information security Internal Audits ISO 27001 IT Environment IT standards Management Network security NIST 800-53 Operations Organization PCI Physical security Planning Policy Development Procedures & policies Regulatory Risk assessments Risk Management Risk mitigation Security Security assessments Security Technologies Service Software Time Management
Experience5 years
Education CertificationsCGEIT CIPP CIPT CISA CISSP CRISC CTPRP
TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9