Assistant Vice President

About The Position

Requirements

• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• At least 1-2 years exposure with various security frameworks. Any AI or machine learning is preferred.
• Ability to produce executive level reporting in power point and excel.
• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, and GLBA. Additional experience in one or more of the following: FFIEC, ITIL or NIST.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, and application security is required.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
• Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
• Familiarity with state, federal privacy laws.
• Highly trustworthy; leads by example.
• Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or CGRC.

Nice To Haves

• Prior team leadership experience preferred.
• Preferred experience with cloud environments such as Microsoft Azure.

Responsibilities

• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
• Manage a comprehensive risk register within a GRC-related platform.
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Support the oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Assist in the development of Policy, Procedures, and Standards. Build and maintain a central IS documentation repository with periodic review and update as needed.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.
• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
• Function as a key participant in incident response to track occurrence and resolution, with documentation and reporting.
• Work in tandem with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Attend and fully engage in project management meetings.
• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Function as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance, and privacy laws.
• Perform other duties as assigned.