Director- Information Security Risk
Our client, a global bank, is looking to hire an Information Security Risk Manager who will join the Risk Supervision organization to establish second-line-of-defense (2LOD) processes, policies and tools for the Cyber Security Risk environment. Cyber Security Risk coverage areas include evaluating overall cyber security risk, providing independent assurance over cyber risk, monitoring and reporting on risks, and ensuring that remediation efforts adequately address the identified risks.
- Build a robust and sustainable Cyber Security Risk program.
- Partner with the Chief Information Security Officer (CISO) and IT organizations to establish standards and policies, and to develop KRIs and KPIs for measuring and monitoring cyber risks on a continuous basis.
- Provide and perform independent assurance and validation activities over common cybersecurity controls, both administrative and technical.
- Assess the accuracy, completeness, and sufficiency of the risk management governance framework, processes and methodologies. Identify and define emerging cyber threats and risks to the corporate environment.
- Perform effective challenge of all critical and highly sensitive processes and controls, including business continuity.
- Develop cyber security risk scenarios to identify potential attack vectors and TTPs (tactics, techniques and procedures) to guide the continuous improvement of the firm's cyber defense posture. Lead and support selected cyber security remediation efforts, and participate in strategic planning with the first line of defense (1LOD).
- Solid foundation in information technology and information security principles. Familiar with common cybersecurity frameworks and standards such as NIST SP 800-53, FFIEC CAT, CSC Top 20, COBIT, ISO 27000 series.
- Requires broad and deep understanding of technical security concepts and familiarity with related technologies and infrastructure, as well as a solid conceptual knowledge of enterprise IT system operations.
- Ability to analyze root causes of cyber security issues and document remediation.
- Understanding of financial services, specifically cyber and data privacy related laws, regulations, frameworks and guidelines (NYSDFS 23 NYCRR 500, GDPR, GLBA, Regulation S-P, etc.).
- Interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Excellent written and verbal communication skills.
- Professional certifications in information security such as a CISSP, CISM, CRISC.
- High degree of initiative, dependability and ability to work with little supervision.
- Strong leadership skills with ability to lead by influence
- Proficient in common cybersecurity domains: data protection, access control, encryption, identity management, security operations, application security, penetration testing, endpoint security, vulnerability management, threat intelligence, risk assessment.
- Proficient in Excel, Word, Access, PowerPoint, Outlook, SharePoint.
- Strong written and verbal communication
Prior Work Experience:
- Previous work experience in cybersecurity operations and relevant security design knowledge.
- Previous work within Risk and/or Information Security/Cyber Security. Ideally, has worked in a 2LOD Cyber Security Risk function.
- Bachelor's and/or Master's degree in Computer Science, Engineering or a relevant technical field.
- CISSP, CISM, or CISA certifications a strong plus.
- Background in IT risk assessment, IT audit, or information security management.
- Knowledge of US IT security regulatory requirements and the regulatory environment in the financial services industry a plus (e.g. FFIEC, FINRA rules, SEC, NIST Cybersecurity Framework).