Corporation Service Company (CSC), founded in 1899, is a global leader in business administration, compliance solutions, and digital brand services, operating i
Senior Information Security Analyst
Location
Delaware
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Senior Information Security Analyst
CSC - Corporation Service Company
Title: Senior Information Security Analyst Location: Wilmington United States Job Description: Senior Information Security Analyst Wilmington, DE Monday - Friday 8:00 am - 5:00 pm Remote The Information Technology Risk Oversight (ITRO) function, within CSC Legal, Risk & Compliance Global Shared Services, is seeking to expand its dynamic second-line IT risk oversight team with the addition of a Senior Information Security Analyst. This role is a key component of the broader Risk Management and Governance frameworks and will play a pivotal part in the continued maturation and embedding of the Enterprise Risk Management (ERM) framework. The position will focus on the oversight and management of current and emerging risks across Technology, Data, Cyber, and Artificial Intelligence (AI). The role is suited for an Information Security professional with proven second/third line oversight experience in Technology risk management and/or Technology audit in financial services. The successful candidate must have subject matter expertise in InfoSec and Cyber risk and the ability handle a variety of Tech/Cyber assurance projects across various domains. Some of the things you'll be doing: - Promote good risk management practices and governance across the organization in line with CSC Enterprise Risk management Framework (ERMF). This includes close cooperation with Enterprise Security and Business Unit technology teams. - Ensure enterprise risk management requirements are incorporated into enterprise and product governance forums and provide independent challenge to technology and business leaders on risk posture. - Provide risk advisory for new product launches, technology and AI adoptions and vendor integrations - Support and guide risk and control owners during initial control design of in-house and third party applications and emerging technologies including AI - Support and drive compliance with regulatory expectations. - Provide 1st line teams with the necessary tools (policy, standards, templates, advice and guidance) to embed a structured, consistent way of risk identification, evaluation, monitoring and reporting across Cyber Security, Technology, Data and AI risk taxonomies. - Participate and/or facilitate IT & cyber risk assessments and deep dives across key systems and applications including third party systems and SaaS solutions - Partner with Enterprise Security and BU Technology teams to ensure risks are properly recorded, tracked and remediated in CSC global GRC tool. - Participate and drive the development of risk action and mitigation plans including root cause analysis. - Promote and support the development of appropriate control frameworks to ensure Cyber security, Technology, Data and AI risks are managed responsibly - Driving firm-wide risk policy enhancements, consistent distribution of the policies, oversight of policy implementation and procedure/standard alignment - Ongoing assessment and recalibration of the global risk appetite across business units, shared services and locations across CSC - Targeted and thematic risk management deep dives. Undertake planned second line risk assessments, application control reviews and third party risk management. - Assist with Executive and Board level risk reporting on Information Security and Technology themes. - the What technical skills, experience and qualifications do you need? - Critical thinking, with a willingness to learn, grow, and challenge status quo. - Self-starter with proven track record on managing demands. - Minimum of 7 years' experience in Information Security and/or Technology Risk management within financial services ideally within regulated environments. - Relevant certification(s) e.g. CISSP, CISM, CRISC or CISA - Deep experience or equivalent experience in technology risk management, information security and cyber with a focus on risk identification, assessment and mitigation - Experience with industry frameworks such as COSO, COBIT, ISO27001, NIST and other including a solid understanding of the 3 lines of defense model. - Knowledge of Operational resilience regulations and guidelines including DORA - Hands-on experience in targeted and thematic risk management deep dives from planning, scheduling and execution with good written and communication skills to all levels of management. - Experience in using and implementing solutions with AI tools such as Claude Code / Github Copilot is an advantage. - Data management and governance experience ideal but not essential, however an interest to grow personally as the company mature. - Results orientated. A self-starter with a commitment to challenge the status quo and help drive the risk management agenda forward in partnership with colleagues across all lines of defense - Stakeholder management. The successful candidate will have excellent interpersonal skills and the ability to communicate well at all levels of the organization #CSC #CSCCareers #LI-HL1 CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business. Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other. CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued. CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging, CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC. We encourage candidates to apply directly to our website and not through third-party sources. Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
• Assess technical vulnerabilities and propose solutions to improve the security of our platform, working across our stack (Ruby, Go, and PHP) and developing security fixes in AWS/Lambda. • Quickly evaluate requests in the development queue to reduce the AppSec bottleneck and unblock Engineering deliveries. • Actively propose and implement fixes in code, going beyond merely reporting findings. • Conduct threat modeling and apply secure-by-design principles to product initiatives. • Create guardrails, tooling, and automations that make the secure path the default for Engineering teams. • Integrate and tune security tools in the CI/CD pipeline (SAST, SCA, and secret scanning), maintaining low noise and few false positives.
Security Analyst III
AquentA multinational staffing and recruiting agency, Aquent specializes in placing marketing and design professionals. The company provides both contract and permane
Role Description Our leading financial client is seeking a visionary cloud security professional to champion a high-visibility, critical initiative. If you are passionate about defining the future of cloud defense and want your expertise to have a direct, lasting impact on a massive enterprise-wide transformation, this is your next career defining move! In this pivotal role, you will serve as the strategic bridge between legacy infrastructure and next-generation public cloud architecture. You will be the go-to authority on network security during a major migration effort, ensuring that every workload and application transitioned is inherently secure, resilient, and compliant. This isn't just about maintaining security; it's about innovating it alongside a dynamic, forward-thinking team. What You'll Do: - Partner & Analyze: Engage deeply with application owners and infrastructure squads to dissect, map, and document application dependencies, traffic flows, and explicit connectivity needs. - Engineer Policy: Convert complex application requirements into precision-engineered network security blueprints, robust firewall matrices, and zero-trust policies. - Architect Cloud Security: Design and validate secure-by-default cloud networks, leveraging a smart mix of native cloud guardrails (Security Groups, NACLs) and enterprise-grade perimeter firewalls. - Accelerate Operations: Collaborate closely with Security Operations and perimeter defense teams to automate, optimize, and accelerate the firewall rule lifecycle from discovery to deployment. - Define Standards: Author and advocate for comprehensive cloud network security standards, clearly defining the boundaries and integration points between corporate firewall eco-systems and native cloud security. - Drive Discovery: Lead the security discovery phases for upcoming migration waves, proactively identifying and mitigating architectural dependencies. - Optimize & Troubleshoot: Act as the Tier-3 escalation point to diagnose, resolve, and fine-tune complex cloud network security configurations. Qualifications - Cloud Security Expertise: 5+ years of dedicated experience in network security engineering or architecture, with a heavy emphasis on architecting public cloud security boundaries. - Control Mastery: Deep technical knowledge of enterprise-tier firewall suites, next-gen perimeter defenses, and the practical application of defense-in-depth frameworks. - Translational Skill: A proven track record of taking messy, real-world application connectivity requirements and translating them into elegant, secure firewall rule sets. - Cloud Networking DNA: Absolute comfort with cloud-native routing, VPC/VNet architecture, subnets, and modern transit gateways. - Agile Mindset: Experience embedding security seamlessly into fast-paced Agile, DevOps, or DevSecOps delivery models. - Communication Impact: Exceptional communication and documentation skills, with the ability to articulate technical risk and security logic to both engineers and leadership. - Autonomy: A self-starting, results-driven mentality capable of navigating ambiguity in a rapidly evolving enterprise environment. - Foundational Strengths: A strong background spanning infrastructure architecture, core network engineering, and information security risk domains. Requirements - Active public cloud certifications (e.g., Cloud Security Specialty or Advanced Solutions Architect). - Hands-on experience with security policy orchestration and firewall automation tools (e.g., AlgoSec, Tufin, FireMon). - Prior experience navigating network security compliance within highly regulated industries (e.g., Finance, Healthcare, Gov). Benefits - Subsidized health, vision, and dental plans. - Paid sick leave. - Retirement plans with a match. Company Description Aquent connects the best talent in marketing, creative, and design with the world's biggest brands. Aquent is an equal-opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. We're about creating an inclusive environment—one where different backgrounds, experiences, and perspectives are valued, and everyone can contribute, grow their careers, and thrive.
• Support administration, monitoring, and tuning of email security platforms • Assist with phishing, BEC, spoofing, malware, impersonation, credential harvesting, and suspicious-message investigations • Analyze email headers, message traces, authentication results, URLs, attachments, sender reputation, and related telemetry to support detection and response • Review quarantined messages, investigate false positives and false negatives, and support allow/block and policy-tuning decisions • Assist with Microsoft 365 email security administration • Support ICES platform configuration and reporting • Use scripting languages to automate repetitive email security tasks • Maintain accurate Jira, Asana, Confluence records • Create and update SOPs, runbooks, and operational procedures
Application Security Analyst
Sound PhysiciansWe deliver uncompromising care and lasting partnerships across acute and post-acute settings.
• Integrate security controls and automated checks into CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), secret scanning, container security scanning, and Infrastructure-as-Code (IaC) validation • Partner with developers and platform engineers to identify, prioritize, and remediate application, API, container, and cloud security risks early in the development lifecycle • Perform application security assessments, architecture reviews, and threat modeling exercises for new and existing applications • Conduct secure code reviews and provide guidance on secure coding practices aligned with OWASP Top 10, CWE, and industry standards • Support vulnerability management by validating findings, reducing false positives, tracking remediation, and helping define risk-based service-level expectations • Create and maintain documentation, standards, playbooks, and training materials related to application security, secure development, and DevSecOps practices



