Chief Information Security Officer (CISO)
- Job Title
- Chief Information Security Officer (CISO)
- Job ID
- 27559238
- Location
- New York, NY
- Other Location
- Description
-
Looking for a Chief Information Security Officer in the New York City area.
Job Description:
The Chief Information Security Officer (“CISO”) is responsible for establishing and maintaining the New York Branch (“Branch”) Information Security risk management program through leadership, strategic planning, project execution, communication and collaboration. The CISO partners with Branch senior management to ensure that information assets and associated technology, applications, systems infrastructure, user processes, and the usage of third-party vendors are adequately protected. The CISO independently identifies, assesses, and aggregates cyber, technology and resilience risks related to internal and external events through direction, training and influencing the behavior of Branch employees.
The CISO is responsible for positioning and enabling a vision to manage and mitigate risks related to cyber security, data, information, privacy, outsourcing, and information technology compliance. The CISO also directs the adoption and implementation of information security policies, technology, mitigation programs and related procedures to comply with regulatory guidance.
Responsibilities:
² Manage the Branch information security governance framework through the implementation of a strategic program
² Development and oversight of annual information security and third-party risk management security goals, methodologies, policies, and key metrics
² Provide information security program updates and analysis to executive management and the Board
² Identify, define and substantiate the key threats to information assets, internally and externally
² Oversight of all security policies and procedures, threat prevention, threat detection and an incident response strategy, including an incident response process, escalating security incidents, coordinating and leading investigations, and managing the recovery from attacks
² Develop control program that proactively identifies threats to the Branch and guides the acquisition of advanced security controls
² Lead and coordinate, internally and externally, responses to security incidents, providing timely reports during the incident and remediation, as well as proposing solutions to anticipate, prevent, or mitigate future incidents.
² Identify the information security risks of engaging vendors and other third parties who access the Branch systems. Review and assess mitigating control.
² Create and manage a targeted information security awareness training program for all employees and contractors and establish metrics to measure the effectiveness of this security training program
² Evaluate, disseminate information security rules, laws, and best practices
² Implement Head Office (“HO”) information security related projects, exercises, and HO related objectives
Required Skills and Personal Attributes:
² Strong knowledge of information security best practices, standards, and frameworks, such as ISO/IEC 27000, NIST 800-53, FFIEC, and PCI DSS.
² Knowledge of technical infrastructure, networks, databases, and systems in relation to Information Technology Security and Risk Management
² Proven track record and experience in developing information security strategy, policies and procedures
² Independent worker, accountable and skilled in exercising sound judgment, planning, organizational skills, team leadership, and decisiveness under pressure
² Strong interpersonal partnering and organizational communication skills
² Knowledge of information security applications and proficiency in domain specific knowledge applications
² Good command of spoken and written English. Knowledge of Chinese a benefit
Qualifications:
² BS in Computer Science, Information Technology or Technical discipline. Advanced degree is preferred
² At least 8 years of related experience in financial services: including knowledge of regulatory rules such as NYS-DFS 500, information security, cyber security and IT
² Prior experience in risk, information security management, operations, audit or management consulting, preferably in a financial institution environment
² Prior experience at a foreign financial institution is preferred
² CISSP Certification Required