Anyone currently working the banking/financial industry?

BGravesBGraves Member Posts: 339
Hi all,

I'm considering a move from my current position (low key do it all IT) to a bank position doing mainly server/network administration. The main purpose of this move would be to position me somewhere with more exposure to Information Security practices and policies.(hey, increased income would be nice too!)

I was wondering if anyone currently works in IT in the banking/financial industry and could give me an idea of what to expect if I make that move, what I can familiarize myself with pre-interview, etc. Feel free to email or PM me directly if that's best.

Thanks in advance! icon_thumright.gif

Comments

  • iBrokeITiBrokeIT GICSP, GCIP, GXPN, GPEN, GWAPT, GCFE, GCIA, GCIH, GSEC, CySA+, Sec+, eJPT Member Posts: 1,299 ■■■■■■■■■□
    Its always good to know your regulations for the industry you will be working in so probably PCI and maybe Sarbanes Oxley if they are big enough.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA | eCPPT | eWPT | eCTHP

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    I work this sector. Drop me a line and let's chat.
    When you go the extra mile, there's no traffic.
  • Dieg0MDieg0M Member Posts: 861
    I work for one of the big ones in the financial industry. If you need interview tips send me a pm and ill brief you.
    Follow my CCDE journey at www.routingnull0.com
  • aspiringsoulaspiringsoul Member Posts: 314
    I just got out of banking last year. Transitioned from Desktop Support/Network Administration (sysadmin really, not much networking) to a Consultant position (same stuff really, but a larger environment with vmware).

    Get to know GLBA, and also get used to audits. I spent a lot of my time reviewing Nessus reports, and patching up machines using WSUS and third party patch management tools, and plugging holes on vulnerable machines. Alienvault (OSSIM) is a good tool, especially if you use the OSSEC agents.

    If Information Assurance is your calling, I would say that you will enjoy it. Depending on the size of the bank (is it a large bank or a community bank), your daily job tasks may vary. If it's a community bank, you might be a jack of all trades, master of none. In that case, you'll probably spend a fair amount of time doing desktop support. If it's a larger bank, then you may have someone to handle the desktop support side while you focus on risks assessments and networking/server.

    Banking is a nice industry to work in, and a great way to gain exposure to security and information assurance. You'll be able to take advantage of the downtime in the evenings and weekends to patch machines up without interrupting your users. I miss that luxury personally...
    Education: MS-Information Security and Assurance from Western Governors University, BS-Business Information Systems from Indiana Wesleyan University, AAS-Computer Network Systems - ITT Tech,
  • chrisonechrisone Senior Member Member Posts: 2,099 ■■■■■■■■■□
    I am also eye balling a network engineering position for a bank. It is a smaller bank not one of the big ones but it always intrigued me on their work hours and holidays.

    How is the down time? were any of you exposed to any weekend shifts?

    I work in the finance industry already so I am familiar with their processes.
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (Oct-Dec)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (Mid-Sept), eLearnSecurity: eCPTXv2 (Dec)
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    I take on a lot of night and weekend shifts because I cannot interrupt business with maintenance/upgrades
    When you go the extra mile, there's no traffic.
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    chrisone wrote: »
    I am also eye balling a network engineering position for a bank. It is a smaller bank not one of the big ones but it always intrigued me on their work hours and holidays.

    How is the down time? were any of you exposed to any weekend shifts?

    I work in the finance industry already so I am familiar with their processes.
    I work in the finance industry (for a Credit Union) as sysadmin. I absolutely love this place. We have a rather small IT team and consequently, we get to put our hands on a lot. For us, there's lots of projects to work on and we don't usually work weekends unless something breaks.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • AnonymouseAnonymouse Member Posts: 509 ■■■■□□□□□□
    chrisone wrote: »
    I am also eye balling a network engineering position for a bank. It is a smaller bank not one of the big ones but it always intrigued me on their work hours and holidays.

    How is the down time? were any of you exposed to any weekend shifts?

    I work in the finance industry already so I am familiar with their processes.

    Is this bank primarily on the West Coast and Midwest and have a bear as its mascot? Because by your location and the position you stated it sounds like the bank I came from.
  • BerkshireHerdBerkshireHerd Member Posts: 185
    I work Desktop Support at a small / mis size regional bank (almost 100 locations) I handle Level 2 -Level 3 stuff. I think the banking / financial industry is great.
    Identity & Access Manager // B.A - Marshall University 2005
  • BGravesBGraves Member Posts: 339
    Hi all and thanks for all the replies and information!

    @aspringsoul - Thanks, I'll look in to the GLBA stuff.


    I had a intital HR phone interview yesterday and later today I am meeting in person with the hiring manager. I'm not sure how it will go or what to expect exactly. It's for a senior level windows admin/desktop support kind of position, vmware, exchange, etc. The job description is actually pretty barebones so hoping to get a better idea today.

    Appreciate all the responses and I guess I'll just see how this goes....
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,825 Mod
    I spent 8 years with one of the nations largest bank/finance firms and in March started at another of the nations largest. Previously I did identity and access management for the first, now doing information security risk management. Feel free to PM me and we can chat.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • BradleyHUBradleyHU Member Posts: 918 ■■■■□□□□□□
    I'm trying to make a move to Financial Services. I've gotten a ton of interviews @ asset mgmt, investement mgmt & hedge fund firms....did well at all of them, but haven't gotten an offer yet. usually because i'm missing trader support, and dont have experience with market data applications....
    Link Me
    Graduate of the REAL HU & #1 HBCU...HAMPTON UNIVERSITY!!! #shoutout to c/o 2004
    WIP: 70-410(TBD) | ITIL v3 Foundation(TBD)
  • chrisonechrisone Senior Member Member Posts: 2,099 ■■■■■■■■■□
    No there is no bear as the mascot and yes its in California.
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (Oct-Dec)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eLearnSecurity: eWPT (failed 2x, no further attempts), eLearnSecurity: eCIR (complete), eLearnSecurity: eCTHPv2 (Mid-Sept), eLearnSecurity: eCPTXv2 (Dec)
  • EngRobEngRob Member Posts: 247 ■■■□□□□□□□
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,825 Mod
    BradleyHU wrote: »
    I'm trying to make a move to Financial Services. I've gotten a ton of interviews @ asset mgmt, investement mgmt & hedge fund firms....did well at all of them, but haven't gotten an offer yet. usually because i'm missing trader support, and dont have experience with market data applications....

    I started at the first firm doing second level support. I would learn about Thomson wealth management platforms if you can. Also PM your location and what exactly you're looking for. I'll see if my employer has openings.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I work in a Security Operation Center for a bank. Unless your applying for a job that involve heavily in dealing with audits and regulatory standards, although its an advantage to know the standard compliance and audit standards, they are secondary matter.

    If you are doing technical work, the bank would be more interested in your experience and how you can fit into the environment more in terms of technical aspect more than compliance aspect. Someone else with the compliance skills will handle the audit and regulatory standards for you. So there is little to worry about in this aspect. Although you should read it up if they ask in case if they asked about it, present your honestly in your lack of understanding in that area with the best answer.

    Even so when it comes to audit, its all about presenting and proving how the risk is mitigate to the lowest through your organization your documentations; the auditors will then checked if this procedures are properly adhere, how they does it can varies but one of the way is to sample some of the system you maintain in your daily work and compare it to your documentation. Four eye principles are exceptionally important, every configuration changes requires approval and accountability with a configuration management system approved and used by the bank.

    Banking sector usually have their financial year accounts done up in april, thus resulting in new budgets and projects. I presume its because during that period, less accountants would take leaves since most go for summer holidays or Christmas leave, so it make sense to held it in april when the department had full strength to work on it. If you are interested in the banking sector, seeking jobs opportunities from April to June are your best choice to break into banking sector.

    On your end, if you are interested in a technical role, your concern would be how good your technical skills will be able to fit into the environment. Background checks is very important here, especially on overdue debts. You may also be interested in financial Sector news like mergers or failed long term investment to assess the bank capability on providing good bonus and future budgets to ensure a long term stay in the bank.
  • BGravesBGraves Member Posts: 339
    Hi everyone, thank you for your replies,information & PMs. It's been a crazy week!

    I had a 2hr interview on Friday with the hiring manager and it went very well. I was called by HR about the position on my way home from the interview and they ended up verbally offering me the job. Been going through the rest of the process this week to see if everything checks out but I don't have any real concerns about that. It's not a huge bank, they've got about 25 branches and are growing through acquisition so seems like things are going well for them.

    They originally listed the position as Infrastructure Specialist IV when I applied but in the written offer, the title was "Senior Systems Administrator".

    Just wanted to say thanks again for all the info!

    @LionelTeo - Thanks! My job will be primarily technical but it's good to know about the audits and budgeting! :) Hopefully this will position me better for exposure to information security/controls in place, as my current job really doesn't have any of that.
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    I work for a tech company that is held by a large regional bank... we have 75+ branches, and while challenging at times, it's a good field, in a good industry. If you can, especially if you want to move up into a leadership/management role, I would press for some kind of IT training for bank personnel, (they do exist) such as the University of Wisconsin (several programs.) I am sure there are some closer to home for you; I know of two in Texas that are not geared toward tech but for bankers, that would be beneficial (Texas Tech School of Banking and SMU School of banking.) Just some thoughts.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • BGravesBGraves Member Posts: 339
    @colemic, thanks for the advice! It's hard to think of pursuing more education while I'm in the middle of my MS:ISA with WGU. lol but you are right, that would be a good idea and I'll have to look at that! Thanks for sharing!
  • Cert PoorCert Poor Member Posts: 240 ■■■□□□□□□□
    Banking/Finance isn't a bad place to be in IT. There's a lot of places to work! i was going to say, if you're Desktop Support, there's a ton of driving around to all the branches/banking centers with occasional visits to home base.

    It looks like your role as Sr. SysAdmin you'll likely be in your office most of the time. Maybe the datacenters and DR facilities.

    I agree with whoever said not to worry about learning audit and compliance in depth -- the company will have both Audit and Compliance departments, and you'll just have to provide documentation proving that risks are mitigated and there is adequate AAA. Lots of screenshots and print-outs of log files with dates and time stamps. I can't remember which audits are the worst re: GLBA, SOX, PCI, etc. Some are more or less involved than others, depending on if your bank is state chartered or nationally chartered (FSB or NA charter). Credit Unions are only slightly different but lots of overlap. Also, lots of exporting from the ticketing system: Incidents, Problems, and Change Requests. Good documentation can be a lifesaver. Additionally, audits will often ask for ACLs of Group memberships in AD and individual systems and applications as well as really drill down on those who have read and write access as well as who all the admins are (not just Domain admins but admins in all systems and apps). It can get tedious sometimes.

    OH! There's a saying in banking: "You're either a Vice President or a Teller." icon_lol.gif This is true. I used to be impressed with any VP title, but in banking, they hand out Assistant VP, VP, Senior VP titles out like candy.
    In progress: MTA: Database Fundamentals (98-364)
    Next up: CompTIA Cloud Essentials+ (CLO-002) or LPI Linux Essentials (010-160)
    Earned: CompTIA A+, Net+, Sec+, Server+, Proj+
    ITIL-F v3 2011 | ServiceNow CSA, CAD, CIS | CWNP CWTS
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,825 Mod
    Cert Poor wrote: »
    OH! There's a saying in banking: "You're either a Vice President or a Teller." icon_lol.gif This is true. I used to be impressed with any VP title, but in banking, they hand out Assistant VP, VP, Senior VP titles out like candy.

    This is true. My last employer was one of the nations largest banks and you got title promotions. So people I knew there have become AVP, VP without ever gaining an ounce more responsibility or an actual job promotion. At my new employer (one of the nations largest financial institutions) it's not like that from what I'm seeing. You get the title when you move into a role and you have the responsibilities that fit that level.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • pinkydapimppinkydapimp Member Posts: 732 ■■■■■□□□□□
    Hey all,

    Trying to do a little research for a friend who does app support(yep, shes a VP) in this industry for a bank. What are the options as far as next career steps from here. Is business analyst the next logical? Anyone ever go to the vendor side for one of the more financial specific apps?
  • hurricane1091hurricane1091 Member Posts: 918 ■■■■□□□□□□
    I work in the finance industry and have been at my last two jobs. Still new to the industry, but expect high redundancy and high IT budgets, and expect to dress like a professional every day. And services must always be online at any cost.
  • doobudoobu Member Posts: 87 ■■■□□□□□□□
    JoJoCal19 wrote: »
    I spent 8 years with one of the nations largest bank/finance firms and in March started at another of the nations largest. Previously I did identity and access management for the first, now doing information security risk management. Feel free to PM me and we can chat.

    That's where I'm trying to move to. Healthcare has killed me mentally while studying for the CISA lol.
  • BradleyHUBradleyHU Member Posts: 918 ■■■■□□□□□□
    I work in the finance industry and have been at my last two jobs. Still new to the industry, but expect high redundancy and high IT budgets, and expect to dress like a professional every day. And services must always be online at any cost.

    thats not necessarily true about financial services. it depends on the type of firm you're at. Hedge Fund, Asset Mgmt, Investment firm, Investment bank, yeah sure you'll be dressing biz casual at the very least. Prop trading, HFT, trade execution, those are way more laid back & casual. I sometimes dress in some chinos, polo & kicks, and sometimes, i'll have on some dress pants, dress shirt, and hard bottoms....


    but you're absolutely right about services need to always be online...outside of the occasional maintenance...
    Link Me
    Graduate of the REAL HU & #1 HBCU...HAMPTON UNIVERSITY!!! #shoutout to c/o 2004
    WIP: 70-410(TBD) | ITIL v3 Foundation(TBD)
  • E Double UE Double U Member Posts: 1,745 ■■■■■■■■■□
    Cert Poor wrote: »

    OH! There's a saying in banking: "You're either a Vice President or a Teller." icon_lol.gif This is true. I used to be impressed with any VP title, but in banking, they hand out Assistant VP, VP, Senior VP titles out like candy.

    We have so many VPs at our bank hahaha.

    @BGraves, I've been doing bank security (information/physical) for 2+ years now so ping me with any questions that you have.
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
Sign In or Register to comment.