cover image
Federated Hermes

Federated Hermes

www.federatedhermes.com

1 Job

1,759 Employees

About the Company

Federated Hermes, Inc. (FHI) is one of the nation's largest investment managers offering equity, international, fixed income, alternative and money market strategies. Investors around the globe have relied on Federated Hermes for world-class investment management since 1955. For disclosure and commenting guidelines, please visit https://fii.info/2snRaAP.

Listed Jobs

Company background Company brand
Company Name
Federated Hermes
Job Title
Information Security Engineer
Job Description
**Job Title:** Information Security Engineer **Role Summary:** Conduct end‑to‑end information security assessments, perform risk analyses on third‑party and technical assets, and apply security architecture frameworks to identify and mitigate gaps. **Expectations:** - Apply SABSA, TOGAF, and threat‑modelling (STRIDE) to evaluate security controls. - Analyze risks per NIST 800, CIS, ISO 27001, SOC 2, SOX, and GDPR standards. - Manage third‑party risk using dedicated tools and remediation plans. **Key Responsibilities:** - Execute comprehensive security assessments: questionnaire reviews, audit report analysis, and onsite evaluations. - Perform product‑level security reviews; identify deficiencies and recommend mitigation controls. - Conduct risk analyses for third‑party capabilities, assessing threat, vulnerability, and occurrence probability. - Monitor and reduce cyber risk associated with third parties through evaluation tools and continuous oversight. - Validate remediation plans, evaluate non‑compliance acceptances, and review services/data scope for risk ratings. - Contribute to project initiatives directed by senior management. **Required Skills:** - Proficiency in SABSA, TOGAF, NIST 800, CIS, ISO 27001, and SOC 2 frameworks. - Expertise in threat‑modelling (STRIDE) and risk‑assessment methodologies. - Familiarity with SOX, GDPR, and other financial‑service regulations. - Strong written and verbal communication skills. - Ability to analyze complex security data and produce actionable insights. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Cybersecurity, Information Security or a related discipline. - Industry certifications preferred: CISSP, CCSP, CompTIA Security+, GIAC Security Essentials.
Warrendale, United states
Hybrid
02-02-2026