Cyber Resilience Program Leader - Sr. Associate/VP

at BlackRock in Wilmington, Delaware, United States

Job Description


About this role

About BlackRock

At BlackRock, we are all connected by one mission: to help more and more people experience financial well-being. Our clients, and the people they serve, are saving for retirement, paying for their children’s educations, buying homes and starting businesses. Their investments also help to strengthen the global economy: support businesses small and large; finance infrastructure projects that connect and power cities; and facilitate innovations that drive progress.

This mission would not be possible without our smartest investment – the one we make in our employees. It’s why we’re dedicated to creating an environment where our colleagues feel welcomed, valued and supported with networks, benefits and development opportunities to help them thrive.

For additional information on BlackRock: Instagram: @blackrock | Twitter: @blackrock

BlackRock is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.

BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.

Our Benefits

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

Technology & Operations

Technology & Operations is the backbone for both the client lifecycle and the investment lifecycle. The group’s Follow the Sun Model ensures that the firm’s operations are consistent and efficient across all investment products, client channels and regions, helping to deliver a superior client experience and drive scalability. Technology & Operations is driven by a global network of Operating Centers of Excellence, which centralizes knowledge and equips support teams with the data and timely information needed to innovate and deliver on behalf of internal partners and clients.

Information Security’s mission is to evaluate, establish, maintain and supervise compliance with information security controls that protect the Company’s information and computer systems. The group is led globally by the Chief Information Security Officer, with regional representation by the Regional Information Security Officers in EMEA and APAC. There are five global functional teams across our pillars of Governance, Strategy, Awareness, Risk Advisory and Monitoring & Metrics.

+ Cyber Operations which provides a global 24×7 operations center responsible for cyber monitoring, incident response, cyber intelligence, cyber forensics and vulnerability management. It is also responsible for coordinating firm-wide functional engagement and escalation of cyber security issues and delivering firm-wide awareness of cyber security issues.

+ Cyber Risk Assessments & Governance which assesses cyber risk in our environment through governance, risk and compliance. This includes leading all aspects of a penetration testing program, reducing vulnerabilities, and partnering with vendor management to assess supplier cyber risk.

+ Cyber Architecture Services which is responsible for analyzing and assessing cyber architecture and new technologies in addition to defining the platform security standards and delivering cyber analytics

+ Cyber Analytics which develops quantitative processes and solutions to measure, automate, and model Information Security controls.

+ Access & Identity Management which delivers Identity Management, and Access automation in support of Aladdin and in partnership with Human Resources for joiners / movers and leavers

As part of our Cyber Operations – Cyber Simulations & Recovery Team, you will be on the cutting edge of supporting our ability to optimally secure Firm and Client information. We have a performance-driven culture, and self-starters who are motivated by our mission will be the best fit for this position. As part of this role, key responsibilities will include:

+ Conducting internal cyber risk assessments of the Firm’s mission critical information assets, associated workflows, and/or systems storing, processing, or transmitting mission critical information

+ Supporting the development of tabletop-style exercises (‘cyber wargames’) designed to stimulate incident response activities within BlackRock, or in partnership with service providers and third-party incident response teams

+ Assisting with the design of Control Action Plans to close gaps identified during cyber risk assessments and cyber wargame activities

+ Tracking Control Action Plans to closure through consistent and timely engagement of issue owners and key stakeholders

+ Effectively communicating with InfoSec management and regional senior management to champion the cyber security program and ensure timely notification and updates on information security incidents

+ Delivering timely and detailed documentation related to any incident or Wargame exercise including recording the findings, tracking follow-up activities, and reporting on progress and providing metrics

+ Participating in cyber threat hunts in support of the global cyber operations function

+ Participating in the creation, modification and maintenance of all Cyber Monitoring policies and procedures

+ Keeping abreast of cyber security trends and the emerging threat landscape in general and as it relates to BlackRock

The ideal candidate should possess:

+ Proven ability to lead independent risk assessments

+ Familiarity with information security control frameworks (e.g. ISO, NIST, PCI DSS); ability to develop control improvement recommendations aligned with industry best practice

+ Excellent communication skills

+ Strong program management and organizational skills

+ Strong analytical skills

+ Technical fluency; ability to synthesize and evaluate complex business workflows and their underlying infrastructure

+ Excellent attention to detail

+ Minimum of 5-10 years of Information Security industry experience is preferred

+ Knowledge of system security architecture and security solutions – IDS, Splunk, data loss prevention, next generation anti-malware, etc.

+ Knowledge of networking fundamentals (TCP/IP, Network Layers, etc.)

+ Knowledge of malware operation and indicators

+ Knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)

+ Knowledge of security related technologies and their functions (IDS, IPS, FW, WAF, SIEM, DLP, Proxy, next gen anti-malware etc.)

+ Knowledge of Firewall and Proxy technology

+ Knowledge of penetration techniques

+ Sophisticated incident investigation and response skill set

+ Background in third party security, audit, or technology risk function is preferred

Other personal characteristics:

+ Integrity and the highest ethical standards

+ Quickly adjusts sophisticated data and information and displays a developed learning agility

+ Self-starter with the personal aim to achieve superior performance

+ Courage of convictions and the ability to respectfully debate the status quo

+ Natural curiosity and desire to always learn

More about the team:

As a team, we value:

+ Reliability – we have a strong track record of delivery. This means successfully meeting aggressive milestones throughout the year, in addition to having one another’s backs while doing so.

+ Innovation – as a hub for creative solutions generation at the cutting edge of BlackRock Information Secur

Job Posting: JC208622926

Posted On: Mar 27, 2022

Updated On: May 29, 2022