TIAA Jobs

Job Information

Nuveen Investments Senior IT Cyber Security Analyst in London, United Kingdom

COMPANY OVERVIEW:

Nuveen is the investment management arm of TIAA. It is one of the largest global asset managers with specialist knowledge across a wide array of asset classes, including fixed income, listed equities and alternatives. Nuveen is driven not only by the independent investment processes across the firm, but also the insights, risk management, analytics and other tools and resources a truly world-class platform provides. As a global asset manager, our mission is to work in partnership with our clients to create outcome-focused solutions to help them secure their financial future. For more information about the firm please visit our website at www.nuveen.com

Â

KEY RESPONSIBILITIES AND DUTIES:

Sr Info Security Gov & Risk Specialist

The Senior Information Security Governance & Risk Specialist identifies and manages potential information security risks to the environment by conducting control assessments, vendor due diligence and creating remediation action plans to mitigate cybersecurity risks. Under limited supervision, this job identifies potential future risks by assessing network traffic, following information security and risk industry trends, and consistently monitoring different environments to minimize possible risk exposure for the organization.

Key Responsibilities and Duties

  • Completes cybersecurity risk assessments and maturity assessments to identify inherent risk and implemented security controls.

  • Works with technology and risk partners to create remediation action plans to mitigate cybersecurity risks and govern action plans through until completion.

  • Drives the remediation of control gaps based on priorities set by the organization.

  • Creates reports and documents regarding potential risks in different environments based on research findings and industry trends.

  • Improves cyber engagement across the organization by providing cyber security inputs to appropriately secure technologies and strategic initiatives.

  • Conducts control assessments to determine how prepared the current network resources are to protect from potential risks.

  • Tests Information Assurance safeguards and employs Computer Network Defense tools and approved practices to protect networks.

  • Coaches and reviews the work of lower level professionals.

Qualifications

  • 3 Years Required; 5 Years Preferred

  • University (Degree), Preferred

Physical Requirements

  • Physical Requirements: Sedentary Work

Preferred Education

  • University (Degree)

Career Level

7IC

Job Title: Senior IT Cyber Security Analyst   Â

Reporting to: IT Security Manager, Europe and Asia Pacific     Â

Department: Information Technology (IT)Â Â

Location: London       Â

Nuveen is the investment management arm of TIAA. It is one of the largest global asset managers with specialist knowledge across a wide array of asset classes, including fixed income, equities and alternatives.  Nuveen is driven not only by the independent investment processes across the firm, but also the insights, risk management, analytics and other tools and resources a truly world-class platform provides. As a global asset manager, our mission is to work in partnership with our clients to create outcome-focused solutions to help them secure their financial future. For more information about the firm please visit our website at www.Nuveen.com

Overview of the Role

You will be working as part of a dynamic Security Team with responsibilities covering Europe and Asia Pacific business regions. You will be responsible for protecting business information and assets and will be directly involved in responding to the ever changing threats of the cyber security landscape.

The role is central to the day-to-day operation of security systems and will be required to coordinate with several teams. You will be responsible for detecting, analysing and responding to real-time threats and risks to Nuveen’s technology and information assets.

The position will involve critical thinking and require someone who is looking to take ownership of information systems and work streams. You will have opportunity to work with new technologies and be involved in building new security solutions.

Key responsibilities will include:

Monitor

Administrate, operate and monitor security applications and systems including: SIEM alerts, web and email content filtering, and data leakage prevention

Maintain and produce metrics on the status of technical information security controls across NRE and identifying trends, anomalies and/or threats and risks to the business

Triage and Analysis

Conduct preliminary incident triage and analysis to as part of incident response management

Determine and classify the severity of alerts and assess potential impacts as per escalate process

Coordinate investigations with the Security Operations Centre to identify indications of compromise

Work with IT Operations and Business Applications Teams

Response

Act as first point of contact for all security incident and anomalies ensuring the IT Security Manager is informed

Follow security operations processes and procedures

Ensure Security Incidents are tracked and recorded within the IT Service Management platform by creating service tickets

Complete Incident Report ensuring all details are recorded including post-incident review

Technical Skills & Qualifications Required

Knowledge and operational experience in: firewalls, intrusion detection and prevention systems, SIEM, web and email content filtering.

Knowledge and operational experience with Active Directory. Access and identity Management solutions an advantage.

Knowledge of networking and the ability utilise that knowledge in security investigations.

Operational experience of data leakage prevention, and responding to data loss events.

Operational experience of maintaining vulnerability scanning scheduling, policy configuration and reporting.

Knowledge and experience of working with, or as part of, a Security Operations Centre

Awareness and understanding of vulnerability management.

Awareness and understanding of threat management.

Awareness and understanding of security frameworks such as ISO27001, NIST, and CIS

Understanding of Enterprise Risk Management principle

The ability to analyse log files.

Microsoft Office for report writing with specific reference to management information metrics, charts and presentations.

FCA registration required: No.

TIAA offers support for those who need assistance with our online application process to provide an equal employment opportunity to all job seekers, including individuals with disabilities.Â

If you are a U.S. applicant and desire a reasonable accommodation to complete a job application please use one of the below options to contact our accessibility support team:Â

Phone: (800) 842-2755

Email: accessibility.support@tiaa.org

For residents of California, please click here (https://www.tiaa.org/public/tiaa-nuveen-ca-privacy) to access the TIAA CA Applicant Privacy Notice.

For residents of the EU / UK, please click here (https://www.tiaa.org/public/nuveen-eu-uk-privacy) to access the EU / UK Pre-employment Notice.

For all other residents, click here (http://www.tiaa.org/public/tiaa-nuveen-privacy) to access the Applicant Privacy Notice.

TIAA started out over 100 years ago to help ensure teachers could retire with dignity. Today, many people who work at not-for-profits rely on our wide range of financial products and services to support and strengthen their financial well-being.

DirectEmployers