Cyber Security Information Risk (Cloud/AWS/Azure), Second Line - VP
Reporting to the Information Risk Assessment - Infrastructure Director, the Infrastructure - Cyber Vice President is responsible for identifying, assessing, and monitoring cyber security risk associated with technology infrastructure and conducting assessments, testing controls, and assessing compliance with cyber-security policies and standards for technology infrastructure.
- Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the cyber security risk associated with technology infrastructure
- Assesses compliance to cyber security policies and standards related to technology infrastructure
- Defines testing processes for cyber security risks associated with technology infrastructure
- Conducts cyber security assessments on technology infrastructure
- Performs independent review and challenge of the front line unit cyber security assessments and remediation plans on technology infrastructure
- Maintains oversight of the front line unit remediation efforts for cyber security exposures, gaps, and deficiencies on technology infrastructure
- Performs independent review and challenge of front line unit cyber-related RCSA outputs for technology infrastructure
- Manages and conducts independent risk assessments, vulnerability scans, and penetration testing results conducted on technology infrastructure
- Stakeholder management and working across various parts of the organization
- Communicates information risk matters to senior management
- Bachelor's Degree or equivalent work experience required
- At least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
- 3-5 years of related experience required
- Experience with AWS, Azure, O365 or other cloud solutions is required
- Strong MS Office skills along with strong verbal and written communication skills
- Subject matter expertise in conducting cyber security risk assessments for technology infrastructure
- Prior experience of management of technology infrastructure is preferred
- Experienced with vulnerability scanning and penetration testing tools and technologies
- Understanding of ITIL Service Management processes
- Knowledge of the financial services industry and its regulations / laws strongly preferred
- Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
- Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
- Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
- Knowledge of current industry trends in information risk management
- Able to collaborate well with internal and external stakeholders
- Able to be a subject matter expert on assessing the maturity of cyber security practices for infrastructure
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Back to top