Company Overview
Based in New York City, Social Capital Resources is a specialized recruiting firm serving the Financial Services, Finance/Accounting, FinTech, and Technology sectors. We are committed to supporting both clients and candidates by delivering tailored recruitment solutions that align with their long-term goals.
At Social Capital, we live by the philosophy: “It’s not just who you know—it’s who you get to know.” We invest in building meaningful, lasting relationships that extend far beyond the hiring process, supporting professionals throughout their entire careers.
The term “social capital” refers to the networks and connections that enable individuals and organizations to thrive together. We believe that assembling the right team is a critical step toward operational success. Our mission is to help clients build high-performing teams while guiding candidates toward rewarding and purpose-driven career paths—so that your organization can operate at its highest potential.
Key Responsibilities:
-
Develop, update, and maintain comprehensive information security manuals and documentation.
-
Manage daily monitoring activities using Data Loss Prevention (DLP) tools such as Trellix EPO and TMS.
-
Utilize Spirion to design and execute scans that identify files containing Personally Identifiable Information (PII), ensuring alignment with data retention policies.
-
Oversee Privileged Access Management (PAM) and generate regular audit and compliance reports.
-
Facilitate weekly IT security meetings to address system vulnerabilities, patch management, and alerts generated by security tools.
-
Continuously monitor threat intelligence feeds, including Qualys Threat Protection and CISA alerts, and coordinate proactive network defense strategies.
-
Collaborate with control owners to remediate security deficiencies and track resolution progress.
-
Support the development and enhancement of the organization’s Information Security Program, focusing on strategic improvements and increased maturity.
-
Assess, manage, and mitigate security risks across IT infrastructure, applications, platforms, and third-party vendors, ensuring accountability and clear remediation timelines.
-
Provide regular status updates and progress reports on remediation activities to the Chief Information Security Officer (CISO) and/or Chief Risk Officer (CRO).
-
Conduct vulnerability assessments using Qualys and collaborate with IT teams and end-users to resolve identified issues.
-
Prepare and deliver daily, weekly, and monthly security reports to track incidents, assess trends, and ensure timely remediation.
-
Lead risk assessments, internal audits, governance initiatives, and policy compliance efforts, with a preference for experience in financial institutions.
-
Align security controls with organizational policies, procedures, and standards, and perform control testing to ensure comprehensive coverage.
-
Monitor daily system events for signs of malicious activity and respond promptly to potential threats.
-
Review and approve firewall rule changes using Tufin, ensuring secure network configurations.
-
Analyze security events using AlienVault SIEM and follow up on any anomalies or incidents.
-
Monitor for intrusion and exploit attempts using TippingPoint Intrusion Prevention System (IPS).
-
Coordinate with external vendors for the support, troubleshooting, and maintenance of security tools and technologies.
Qualifications:
-
Minimum of 5 years of experience in information security governance, risk management, and compliance.
-
Bachelor’s degree in Information Security, Computer Science, or a related field.
-
Relevant certifications such as CISSP, CISA, CISM, or CEH are preferred but not required.
-
Strong understanding of security frameworks and standards including NIST, SOC 2, ISO 27001, FFIEC, and NYDFS Part 500.
-
Excellent written and verbal communication skills; must be fluent in English.
-
Hands-on experience with Governance, Risk, and Compliance (GRC) tools such as RSA Archer.
-
Proficient in Microsoft Office Suite, including Excel, Word, PowerPoint, and Outlook.