As part of Customer Service and Credit Management (CSCM), the Information Security Program Office (ISPO) team provides for the overall leadership, coordination and governance of the Information Security Management Program across the enterprise. In this role, the ISPO team facilitates the program/strategy while also challenging the status quo across the organization to ensure that program threats and vulnerabilities are being addressed on an ongoing basis in accordance with the dynamically changing landscape.
The ISPO is seeking a creative, energetic, and dedicated individual to assist in the continued evolution and enhancement of the information security program throughout the Company. Specifically, this individual will lead and manage the Information Security Risk Management vertical within the ISPO. The ideal candidate will possess technical expertise related to information security technologies and have the ability to leverage this expertise, along with practical industry business experience, to provide a detailed level of understanding and management of information security risk related to internal initiatives and partners/third parties. This individual needs to be an effective communicator, influencer and negotiator. They will need to challenge and engage the organization to balance business needs with the effective management of information risk aligned with the changing and dynamic threat landscape for financial services institutions. The successful individual will have the ability to present innovative solutions and alternatives to business problems through engagement of collaborative and creative thinking outside the boundaries of existing practices and mindsets.
Primary responsibilities will include:
Managing a small team of one to three individual contributors.
Identification of information security risks and requirements in business partner and third party agreements.
Advising business and technology teams concerning information security risks and compensating controls that balance risk with project implementation.
Documenting, tracking and facilitating risk acceptances across the company to ensure alignment to corporate risk appetite.
Managing the enterprise risk assessments and ensuring that regulatory requirements are addressed (e.g. GLBA, FFIEC).
Identification of critical areas of potential information security risks and opportunities.
Working in conjunction with management to establish goals and strategies that challenge the organization to raise the bar on the management of information security risk.
Building constructive and collaborative relationships across the Company.
Promoting a risk-aware culture and ensuring efficient and effective risk and compliance management practices by adhering to required standards and processes.
Bachelor's degree in Business Administration, Risk Management, Information Security, or similar field; OR equivalent practical experience.
A minimum of 3 dedicated years of experience in information security or IT security.
Experience in performing information security risk analysis and assessments.
Ability to convey complex information risk and security issues in a manner easily understood and actionable.
Application of information security technologies, frameworks, and controls to address business, information security and cybersecurity risks.
Ability to evangelize information security while balancing countervailing pressures.
Ability to constructively challenge prevailing thoughts and processes while being an effective and active listener.
Excellent written and verbal communication skills including expertise in creating and delivering executive presentations.
Negotiation and persuasion abilities.