About SoftBank Investment Advisers:
SoftBank Investment Advisers, the Manager of the SoftBank Vision Fund, seeks to accelerate the AI revolution through investment in market-leading, tech-enabled growth companies. Our global reach, unrivaled ecosystem, and freedom-level capital help founders build transformative businesses. For more information, visit www.visionfund.com
Job Description: This role reports to the Chief Information Security Officer (CISO) at SoftBank Investment Advisers, based in Menlo Park, CA. The Information Security Analyst is responsible for protecting the organization's information assets by identifying potential cybersecurity risks, implementing security controls, and ensuring compliance with regulatory requirements specific to the financial services sector. The role requires a deep understanding of cybersecurity best practices and financial regulations, such as SEC, FCA, MASNET, J-SOX, and GDPR. The Information Security Analyst will work closely with IT, Risk, Compliance, and Legal teams to maintain a secure environment and ensure the organization meets all regulatory standards.
Key Responsibilities:
1. Security Monitoring and Incident Response:
- Use SIEM (Security Information and Event Management) tools to monitor networks and systems for security breaches, anomalies, or suspicious activities.
- Investigate security incidents and conduct root cause analysis, coordinating with the incident response team to contain and resolve security events.
- Maintain and update the organization's incident response plan, ensuring timely reporting to regulatory bodies (such as the SEC or FCA) when necessary.
- Conduct regular vulnerability scans and penetration testing to identify and mitigate potential threats.
2. Security Architecture and Best Practices:
- Work with IT to design, implement, and manage security controls that protect sensitive financial data and assets, including secure network architecture, firewalls, and encryption.
- Implement access control measures and authentication protocols (e.g., multifactor authentication, role-based access control) to secure sensitive data and systems.
- Ensure the organization follows best practices for cybersecurity, including patch management, secure coding, and configuration management.
- Collaborate with IT on cloud security, GenAI, and data protection strategies, especially since the organization has a cloud-first infrastructure.
3. Compliance and Regulatory Adherence:
- Ensure SoftBank adheres to financial industry regulations and data protection best practices, including SEC, FCA, MASNET, J-SOX, GDPR, and CCPA.
- Work closely with the Compliance team to ensure cybersecurity controls are aligned with regulatory requirements, including conducting audits and assessments.
- Document security policies and procedures that comply with financial industry regulations and ensure they are regularly updated.
- Conduct periodic risk assessments and security audits using NIST CSF to identify gaps in regulatory compliance and take corrective actions.
4. Data Protection and Privacy:
- Ensure the protection of sensitive financial data and personally identifiable information (PII) through encryption, data masking, and secure storage solutions.
- Support the organization in adhering to data privacy laws and regulations such as GDPR and CCPA, including managing data protection and retention policies.
- Respond to data security incidents and breaches, ensuring timely remediation and regulatory reporting.
5. Security Awareness and Training:
- Develop and conduct security awareness training programs tailored to financial services employees, focusing on phishing, social engineering, deep fakes, and data privacy.
- Promote a culture of cybersecurity awareness across all departments, helping employees recognize and report suspicious activities.
- Conduct tabletop exercises and simulate cybersecurity incidents to prepare teams for real-world events.
6. Third-Party Risk Management:
- Conduct security assessments of third-party vendors, especially those handling financial data, to ensure they meet the organization's cybersecurity and compliance standards.
- Manage third-party relationships by assessing their cybersecurity practices and ensuring they adhere to contracts that mandate compliance with financial regulations.
- Implement measures to monitor and mitigate risks associated with third-party service providers and partners.
7. Reporting and Documentation:
- Maintain detailed documentation of security incidents, remediation actions, and regulatory reporting activities.
- Prepare regular reports on the state of cybersecurity, risk management, and compliance for senior management and regulatory bodies.
- Ensure audit trails and records are maintained for any financial data-related security events, in line with industry standards and legal requirements.
8. Continuous Improvement:
- Stay current with cybersecurity threats, technologies, and regulations affecting the financial services sector.
- Proactively identify opportunities to improve the organization’s security posture by implementing new tools, policies, or procedures.
- Participate in financial industry forums and working groups to stay informed on regulatory developments and emerging threats.
Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is highly preferred.
- Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or CISA (Certified Information Systems Auditor) are highly preferred.
- Strong understanding of financial services regulations, including SEC, FINRA, AML, PCI DSS, GDPR, CCPA, NIST CSF, J-SOX, and other cybersecurity-related frameworks.
- Hands-on experience with security technologies such as SIEM, firewalls, IDS/IPS, DLP (Data Loss Prevention), EDR, Insider Threat, and GenAI tools.
Experience:
- Minimum of 5-8 years of experience in information security roles, with at least 2-3 years in a regulated financial services environment.
- Experience with scripting languages, including Python, JSON, or PowerShell.
- Experience using GenAI tools and developing prompts to integrate various security technologies, APIs, and datasets.
- Experience using risk management frameworks such as CIS18, NIST CSF, ISO 27001, or COBIT to protect organizations’ assets.
- Proven track record of managing security incidents, conducting risk assessments, and maintaining compliance with financial regulations.
- Experience working with financial regulators and handling audit requests related to cybersecurity and data protection.
Skills:
- Strong analytical and problem-solving skills, with the ability to assess complex cybersecurity risks in a regulated environment.
- Excellent written and verbal communication skills, with the ability to present security concepts to non-technical stakeholders, including senior management.
- Proficient in using security tools and technologies such as SIEM, insider threat, next-gen firewalls, and endpoint protection systems.
- Detail-oriented, able to manage multiple priorities in a fast-paced, regulated environment.
- Strong collaboration and teamwork skills, with experience working across multiple departments, including IT, Legal, and Compliance.