Job Description Black Knight is the premier provider of integrated technology, services, data and analytics that lenders and servicers look to first to help successfully manage the entire loan life cycle. Our deep understanding of regulatory and compliance issues complements the knowledge, technology and solutions we offer to help our clients achieve their business goals. Black Knight offers leading software systems; data and analytics offerings; and information solutions that facilitate and automate many of the business processes across the mortgage life cycle.
JOB FAMILY DESCRIPTION
Administers an information systems program to validate security policies and regulatory requirements are met across the business, ensuring the company and its systems are protected from domestic or international security threats. Evaluates security controls to ensure effectiveness and compliance with the information security program and regulatory requirements; manages security control remediation efforts; and supports internal and external information security related audits. Uses information security tools and procedures to respond to inquiries. Recommends security solutions, advises on systems and application-level security configurations, and investigates/mitigates security risks as required.
GENERAL DUTIES & RESPONSIBILITIES
- Develops and manages security for business units across the enterprise to prevent hackers from compromising company systems and information
- Provide operational and project support for security tools including but not limited to: Security Information Event Monitoring (SIEM), Intrusion Detection Systems (IDS), Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Privileged Access Management (PAM), Identity Management (IDM), Hardware Security Module (HSM), Transparent Database Encryption (TDE), Enterprise Key and Certificate Management (EKCM), Database Encryption, File Encryption, and/or API Encryption.
- Serve as the subject matter expert (SME) in relation to installation, configuration, and troubleshooting of security tools.
- Provide rotating on-call support for security tools to include nights and weekends.
- Provides direct support to the business and IT staff for security-related issues.
- Involved in the evaluation of products and/or procedures to enhance productivity and effectiveness.
- Represents the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
- Educates IT and the business about security policies and consults on security issues regarding user built/managed systems.
- Develops and implements security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures, and use of firewalls and encryption routines).
- Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports; investigates possible security exceptions; and updates, maintains, and documents security controls.
- Review firewall rules and access control lists
- Performs other related duties as assigned.
Bachelor’s Degree in Computer Science, Information Systems or the equivalent combination of education, training, or work experience. Professional certification such as CISSP, CISM, etc. is strongly preferred.
GENERAL KNOWLEDGE, SKILLS & ABILITIES
- One or more of the following certifications is highly preferred: CISSP, CISM, CEH, GSEC, MCSE, RHCE, CCNP, and/or CASP
- Experience supporting one or more of the following types of security applications or tools: Security Information Event Monitoring (SIEM), Intrusion Detection Systems (IDS), Database Activity Monitoring (DAM), Data Loss Prevention (DLP), Privileged Access Management (PAM), Identity Management (IDM), Hardware Security Module (HSM), Transparent Database Encryption (TDE), Enterprise Key and Certificate Management (EKCM), Database Encryption, File Encryption, and/or API Encryption
- Experience working with QRadar, Guardium, Websense, Splunk, SafeNet, Venafi, Protegrity, SailPoint, Secret Server, or an industry equivalents is a plus
- Working knowledge of Linux, Windows, and Network Operating Systems
- Understanding of networking concepts and technologies
- Experience writing scripts to automate tasks using common scripting languages (PowerShell, Bash, Python, Perl, etc.)
- Basic knowledge of XML, JSON, and/or Regular Expressions
- Basic knowledge of databases and SQL queries
- Knowledge of infrastructure, key processes, and technology-oriented risk issues, specifically around security and privacy
- Knowledge of common information security management frameworks
- Excellent analytical, decision-making and problem-solving skills
- Ability to develop partnership-oriented relationships with business executives and functional leaders, especially as it relates to operations and technology
- Strong background in security operations, processes, solutions and technologies
- Strong understanding of policy, compliance, and best practice security principles
- Experience with enterprise risk assessment methodologies
- Must be able to multitask in a fast-paced environment with focus on timeliness, documentation, and communications with peers and business users alike.
- Proficiency in project management
- Ability to communicate well both verbally and in writing to technical and non-technical audiences of various levels within BKFS or outside the organization (executives, regulators, clients, etc.)
- Results oriented, business focused, and successful at interfacing across multiple organizational units
- Knowledge of relevant legal and regulatory requirements
- Experience working with a diverse range of data sources/streams and managing these effectively
JOB FAMILY LEVEL
Advanced professional level role. Works independently on many IT security projects as a project team member, more frequently as a project leader. Works on large, complex security issues or projects that require increased skill in multiple IT functional areas. Requires extensive knowledge of security issues, techniques and implications across all existing computer platforms. May manage or serve as a project leader for IT security projects or the security components of multi-discipline projects. Must have extensive knowledge in networking, databases, systems and/or Web operations. May coach more junior staff. Typically requires six (6) or more years of combined IT and security work experience with a broad range of exposure to systems analysis, applications development, and database design and administration and at least three (3) or more years of experience in a lower-level IT Security Analyst role.
Black Knight Financial Services is an AA/Equal Opportunity Employer