Fortress Investment Group LLC is a leading, highly diversified global investment manager with approximately $52.7 billion of assets under management as of December 31, 2020. Founded in 1998, Fortress manages assets on behalf of approximately 1,800 institutional clients and private investors worldwide across a range of credit and real estate, private equity and permanent capital investment strategies. Investment performance is our cornerstone - we strive to generate strong risk-adjusted returns for our investors over the long term. For additional information on Fortress, please visit www.fortress.com.
Fortress’s Information Technology team seeks a highly motivated and qualified IT Risk and Compliance (ITRC) Associate to join the Information Security team. This person will report to the SVP of ITRC and assist in protecting and securing the information assets owned by Fortress. The ITRC Associate will assist in designing, implementing, operating, and improving key components of FIG’s overall information security program.
Key Responsibilities / Duties
• Helping to build and refine the IT risk management program.
• Performing internal control assessments under applicable frameworks or policies, including internal policy.
• Being the main point of contact with the IT auditors for SOX, J-SOX, internal audits, and other regulatory reviews.
• Tracking and leading remediation on all IT-related findings/exceptions.
• Leading the vendor risk management program from an information security perspective.
• Coordinating the quarterly access recertification process.
• Participating in the firm’s Business Continuity and Disaster Recovery Program, including coordination of the annual BCP/DR test.
• Being the business owner of several security products, such as the phishing awareness tool, the enterprise file sharing platform, the password manager, the crisis management tool, and others that we implement.
• Periodically updating the IT Policies and Standards based on the IT environment.
• Performing ad-hoc projects related to information security and risk management, such as Data Loss Prevention, Data Classification, etc.
• Assist in the design of security controls leveraging a combination of automated tools, manual procedures, and review of automated script outputs.
• Review and perform incident response procedures on alerts from various security tools. Maintain and develop incident response playbooks as needed.
• Be able to learn frameworks and leverage that knowledge into processes and controls.
• Excel as a self-motivated individual who can work on their own, as well as integrated with the platform engineering and application development teams in joint projects.
• Evaluate situations and respond with solutions quickly in a high-paced and high-pressure environment.
• Build relationships with both IT and business personnel from all levels across the firm.
• Strong analytical and problem-solving skills.
• Excellent communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in particular in contributing to global and multi-functional teams.
• Working knowledge of multidisciplinary security concepts (e.g. Identity and Access Management, Change Management, etc.).
Required Skills and Experience
• Bachelor's degree in Computer Science, Business Administration, Management Information Systems, or related areas.
• 4-7 years performing IT audits, security audits, risk assessments, risk management, security operations center duties, and/or penetration testing engagements.
• CISA, CISSP, CCSP, CISM, or other relevant certifications.
• Prior experience with various frameworks: SOX, ISO 27001/2, COBIT, NIST, FFIEC, SOC1/2/3, and other relevant frameworks.