SSUSA Job #553: Application Risk Assessor

Job Description

The primary objective of this role is to ensure that all applications, systems and services introduced into the company operating environment meet our defined security standards, comply with our policies and with all applicable regulations in the countries in which we operate, and follow industry best practices with regard to system configuration and security, user access controls, data protection, auditing and monitoring, secure coding and any other relevant security controls that may be introduced.

The application risk assessor (ARA) will provide expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. The ARA assists in the development of security requirements, conducts security risk assessments, evaluates security services and technologies, and reviews and documents information security policies and procedures.

This role provides technical information security advice and guidance to project teams to assist in identifying, managing, and mitigating security risks for applications, networks, and systems across the company.
1. Application Risk Assurance: Ensure that application architecture, configuration, access controls, auditing and monitoring for core applications in support of business processes meet the Bank’s security requirements and comply with all applicable regulations

2. Risk Liaison for Application Projects: Support project teams in defining security requirements at appropriate times within the development life cycle and to assist in the identification, testing and implementation of 'best practice' security solutions

3. Web Application Risk Assurance: Compliance, auditing, testing, web application pen tests, application configuration reviews

4. Database Management System Risk Assurance: Ensure that Database Management Systems architecture, configuration, access controls, auditing and monitoring meet the Bank’s security requirements and comply with all applicable regulations

5. Secure Coding Practices: Standards definition and monitoring of compliance with secure coding practices

6. Application Risk Assurance / Risk Assessments including all applications in support of business processes, web applications and database management systems

7. Risk/Security Liaison for Application Projects

8. Secure Coding Practices
Sound and current knowledge and understanding of industry best practices for system security.
For example: ISO 27001/2 "Information technology - Security techniques - Code of practice for information security management".

Knowledge of European and North American legal and regulatory requirements relating to system security and data protection.

Industry standard IT knowledge
Solid understanding of IT systems and services underlying the business applications such as operating systems (Unix, Linux, Windows), directories (AD, eDirectory), desktops (Microsoft Windows 7, IE, MS Office, Adobe), databases and integration and application infrastructure software (e.g. Websphere Application Server, Websphere MQ Workflow).

Bank specific knowledge
Understanding of the business processes and associated risks enabled by the IT solutions (e.g. cash management, foreign exchange, money market, loans, trade finance, settlement, risk management).
Job Location
New York City

Position Type