Chief Information Security Officer

A national banking group seeks a highly motivated professional to work as the Chief Information Security Officer. This role will be responsible for designing and implementing the Bank’s information security program while protecting the business from cyber security threats. The role will also protect the Bank’s digital assets, manage cyber security, identify and report incidents, communicate about the methods used to gain unauthorized access, and design training programs to address security awareness.

Essential Job Functions:
• Develop an enterprise information security program
• Design a critical response process for cyber security incidents
• Identify, report and control incidents
• Manage and train security staff
• Continuously monitor threats
• Ensure that disaster recovery and business continuity plans are in place and tested
• Approve and administer identity access policies
• Maintain a current understanding of the IT threat landscape for the industry
• Ensure Bank compliance with the changing laws and applicable regulations
• Schedule periodic security tests, including internal and external penetration testing and phishing
• Schedule table-top exercises for Crisis Team and senior management
• Review and approve security policies, procedures and controls
• Ensure that security policies, procedures and controls are kept current and are communicated to staff/consultants
• Ensure staff/vendor compliance with the Bank’s security policies and procedures
• Manage employees, contractors and vendors involved in IT security
• Provide training and mentoring to security team members and Bank staff
• Brief the executive team on status and risks, overall strategy and necessary budget
• Communicate best practices and risks to the Bank
• Perform a risk assessment of the Bank’s vulnerabilities in the cybersecurity landscape and develop the Bank’s risk appetite for information security
• Develop key risk indicators and dashboard metrics reporting to both the management team and the Board of Directors

Knowledge, Skills and Experience Requirements:
• Master’s degree or equivalent experience
• Minimum of ten (10) years of experience, at least five (5) years focused on managing information security in complex, matrixed environments
• Extensive experience in regulated industries, especially financial services; banking experience is preferred
• Proven ability to create and maintain enterprise-level information security programs
• Motivated individual with strong analytical, problem solving and root cause analysis skills
• Ability to work on multiple, time-critical projects simultaneously
• Knowledge of international and local data privacy laws
• Working knowledge of information security engineering concepts and principles
• Familiarity with DFS 500 and similar regulations
• Experience working with external regulators including NY DFS and FDIC
• Excellent verbal and written communications, including presentation of complex data in easily understood ways
• Ability to confidently interact at multiple levels in the organization and lead cross-departmental team projects
• Experience presenting to senior levels including Board of Directors
• CISSP, CISA or CISM designations preferred

Job Category: executive
Job Type: Full Time
Job Location: New York City
Top Skills: cisco security
Seniority: executive
