Corporate IT Security Manager
Indexed description
A Brief Overview
The IT Security Manager is in charge of establishing the required activities and procedures to manage security risks to an acceptable level across the IS functions for the Corporation. Assists in the creation and modification of IS standards, policies, and procedures, to comply with applicable laws/regulations and industry best practices. Advises corporate management by providing functional expertise concerning all aspects of Information Security, integrity and privacy of corporate systems and data resources.
What you’ll do
Information Security Governance
- Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk. Ensures information security policies, standards, and procedures are up to date.
- Assists the Corporate Security Director and Corporate Security Division Director with the Information Security (IS) Management functions. Provides reporting to Corporate Security Officer related to IS matters for Management, IT Committees, Audit Committee, and Board of Directors to ensure security topics and risks are known and managed effectively.
- Oversees the development/update of IT policies, procedures, standards, and guidelines related to information security and other related IT areas based on applicable laws/regulations, industry best practices.
- Evaluates the overall integrity and effectiveness of the IS management systems and controls. Oversee the development/update of IS Monitoring Reports (KRIs/ Scorecards/Dashboards)
- Assesses the risks associated with Managed Security Service (MSS) providers.
- Responsible for initial and periodic information security risk mitigation and remediation. Responsible for development and implementation of security risk management plan.
- Establishes and maintains processes for coordinating the correction of deficiencies which may arise from self-assessment, reviews by the Internal Audit or Corporate Compliance departments, or external regulatory bodies.
- Provides support in the evaluation of IT controls over new systems/applications for compliance with IS Policies and regulatory requirements.
- Ascertain the Corporation is complying with Industry best practices and Standards: PCI, ISO 27k series, NIST, etc.
- Responsible for the IT Software Unauthorized revision and remediation process and the Monitoring and approval of the IT Security Budget.
Cyber Security Operations
- Assist the Corporate Security Director as necessary to respond and mitigate cybersecurity risks for internal control improvement. Provide feedback regarding cyber security in the development/update of Information Security (IS) policies, procedures, standards, and guidelines.
- Develop security related dashboards and reports for Cyber Security Management.
- Oversee and monitor critical Information Technology / Information Security third party service providers and monitoring compliance of agreed-upon contracts/terms.
- Oversee the Penetration Tests and Vulnerability Scans and evaluate results to proactively identify and fix security flaws and vulnerabilities.
- Chair the Patch Management Board (PMB) / Vulnerability Management Committee (VMC) for the oversight of the Patch Management efforts to provide feedback and best practices to remediate any outstanding risks/flaws.
- Oversight of Network Security: Firewall Management, IDS / IPS, Web-Content Filtering, Data Loss Prevention (DLP), Endpoint Protection, etc.
- Oversight and evaluation of MSSP Security Operations Center (SOC). Reviews alerts generated from the SOC on a timely basis.
- Responsible for Configuration Management for all IT Assets.
- Periodical report on the Cyber Security Posture of the Corporation to Senior and Executive Management.
Incident Management
- Responsible for the Information Security Incident Response Plan.
- Serve as a subject Matter expert for Incident handling and response.
- Establishes and administers a process for investigating and acting on security incidents which may result in an information breach.
- Assist in forensic investigations regarding Information Security incident or events.
Security Architecture
- Responsible for the Overall strategy and design regarding Information / Cyber Security. Holistic approach evaluating vendors, applications, and processes.
- Reviews encryption technology to ensure they are aligned with Industry Standards and Best Practices.
- Reviewing Network environment to ensure they are aligned with Industry Standards and Best Practices.
- Review Cloud Environment to ensure they comply with Corporate Standards.
- Validate new technology and services and ascertain they meet Corporate Policy and Standards.
Information Security Project Management
- Assist the Project Management Office with the Project Delivery Lifecycle to ensure Information Security practices are maintained in each step.
- Ensure key security milestones are completed for each project (where applicable): Vulnerability scans, Code Review, Penetration Tests, Logging capabilities, Role-based Access, etc.
- Server as a Subject Matter Expert and provide recommendations for remediating vulnerabilities identified through Penetration tests and Vulnerability Scans.
Threat Intelligence
- Ensure the Corporation receives adequate Threat Intel through different forums, such as working knowledge of FS-ISAC and similar open/commercial threat intelligence feeds.
- Process both internal and external Cyber Threat Intel for determination of potential threat and impact, and implementation of mitigating actions.
- Escalate with vendors any outstanding event that may hamper or negatively affect the Corporations IT Assets. Follow up with IT / Information Security Vendors to ensure updates and upgrades have been implemented.
Emerging Responsibilities
- Leads the implementation and continuous improvement of Zero Trust Architecture across the organization, ensuring strict identity verification and least-privilege access principles.
- Integrates AI-driven threat detection and response systems to proactively identify and mitigate advanced persistent threats and anomalous behaviors.
- Oversees Cloud Security Posture Management (CSPM) initiatives to ensure secure configuration and compliance of cloud environments with industry standards.
- Ensures compliance with evolving regulatory frameworks such as the SEC cybersecurity disclosure rules.
- Collaborates with legal and compliance teams to interpret and implement new cybersecurity regulations and ensure timely reporting of incidents as required by law.
- Develops and maintains a threat modeling program to assess risks associated with new technologies and digital transformation initiatives.
- Implements continuous security validation practices such as breach and attack simulation (BAS) to test the effectiveness of security controls.
Other Responsibilities
- Performs other tasks as requested by the Corporate Security Director
- Performs/Supports highly technical tasks such as:
- Systems and procedures review and implementation
- Policies Awareness training
- Special Investigations (Forensic)
- Root Cause Analysis Process
- Performs special tasks in order to assist internal, external auditors and regulators in their procedures.
What You’ll Need to Succeed
- A Bachelor’s Degree in Information Technology, Computer Science, Engineering, or Business is required for this position.
- At least 7 years of related work experience in IT, Information Security topics, or developing, implementing or architecting information security systems, in the banking industry highly preferred.
- Minimum of 5 years of relevant experience at a financial services company or comparable experience working as an advisor to a financial services company.
- CISSP, CISM or any other similar certification is highly desired but not required.
- A master's degree in computer science, information systems, engineering, or MBA is preferred.
- Strong understanding of Information Security Frameworks such as COBIT 5, ISO 27000, NIST, and others is required.
Competencies
- Supervisory, interpersonal communication, leadership and team skills
- Exercise excellent written communication skills with direct experience drafting guidance documentations
- Familiarity with vulnerability assessment and penetration testing best practices
- Understand and be proficient in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events
- Strong working knowledge of Information and System Security, internal control frameworks such as: COBIT, ISO 27000, NIST, etc.
- A strong understanding of Information Security regulatory requirements and compliance issues, previous experience with applicable regulations from the FDIC, FFIEC, SOX, etc.
- Knowledge in databases, Web Applications, Network and communication Infrastructure, operating systems (ex. IBM, Unix, Linux and Windows), security technologies (firewalls, IDS/IPS, etc.)
- Proven experience utilizing PC, Windows Operating Systems (2000, XP, 200X Server and Windows 7), and other operating systems (Linux, SUSE, Mandrake, Red Hat, etc) with familiarity with the pertaining application preferred.
- Hands-on skills in audit planning, development of audit programs, fieldwork and wrap-up
- Experience in project management of information security projects including development of project charters and plans; management of project execution and successful implementation of the planned solution.
- Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance
- Proficient in EXCEL, WORD, OUTLOOK, ACCESS, POWER POINT
The above statements describe the general nature and level of work performed by individuals assigned to this position and are not intended to be an exhaustive list of all duties or responsibilities.
EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search