JOB DESCRIPTION
Are you ready to make an impact at DTCC
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact you will have in this role:
The Threat Management Associate Director plays a key role in both individual contributions and cross-functional coordination. This role ensures the integrity and effectiveness of DTCC's security monitoring controls by overseeing data quality across multiple sources, identifying coverage gaps, and driving improvements in event processing and control assurance.
Your Primary Responsibilities:
- Mitigate risks by identifying, assessing, and documenting security control gaps in monitoring systems.
- Support the control validation process of the Security Monitoring Assurance program.
- Interface with internal and external stakeholders
- Partner with IT teams to remediate risks and issues impacting security monitoring controls.
- Support network security assessments to identify and enhance monitoring control effectiveness.
- Support Cyber Threat Fusion Center (CTFC) initiatives by implementing and enhancing security monitoring controls.
- Reevaluate and redesign processes to proactively manage and reduce risk to DTCC and its participants.
- Contribute to security strategy, program assessments, and control lifecycle activities.
- Assist in designing solutions with actionable metrics and defined risk thresholds.
- Align cybersecurity assessment reporting with stakeholders to strengthen DTCC's security posture.
- Lead end-to-end process analysis and risk mitigation efforts.
- Fulfill additional CTFC responsibilities and special projects as assigned.
- Integrate risk and control processes into daily operations, escalating issues appropriately.
- Build and maintain relationships across organizational levels.
- Develop and present performance and risk metrics tailored for technical and executive audiences.
- Collaborate with cross-functional teams to deliver compliant, high-quality security monitoring solutions.
- Support executive communications on Security Monitoring Assurance program status.
- Maintain and update security policies, control standards, and process documentation.
- Identify gaps in security monitoring controls and coordinate remediation with control owners.
Specific Skills & Technologies
- Proven expertise in SIEM, Network Security, Endpoint Security and security incident management technologies.
- Strong background in cybersecurity design, implementation, and documentation.
- Skilled in project management and technical presentations.
- Knowledgeable in ethical hacking, penetration testing, and vulnerability assessments.
- Familiar with industry-standard security frameworks, policies, and procedures.
- Solid understanding of network and infrastructure protocols (e.g., TCP/IP, HTTP/S, DNS, firewalls, proxies, IDS/IPS).
Qualifications:
- At least 8 years of cyber security experience, preferably in financial services or regulated environments.
- Bachelor's degree in computer science or related field.
- Security certifications (e.g., CEH, CCSP, CISSP, OSCP) are a plus.
Talents Needed for Success:
- Proven Experience with compliance management platforms like Qualys Policy Compliance (PC), HPNA, or similar
- Knowledge in SIEM, Network Security, Endpoint Security, Rapid7 and security incident management technologies.
- Strong background in cybersecurity design, implementation, and documentation.
- Skilled in project management and technical presentations.
- Proficiency inPython,PowerShell,Bash, orPerlto automate compliance checks, data parsing, and reporting.
- Familiar with industry-standard security frameworks, policies, and procedures.
- Solid understanding of network and infrastructure protocols (e.g., TCP/IP, HTTP/S, DNS, firewalls, proxies, IDS/IPS).
ABOUT THE TEAM
Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.
