AVP, Information Security

Verinext•North Haven, CT

8d•Onsite

About The Position

The Assistant Vice President of Information Security Operations is a proactive leadership position responsible for the design, execution, planning, budgeting, protection, monitoring, and integration of cybersecurity initiatives. You will be instrumental in developing and enhancing processes related to the Risk Management Framework (RMF), threat and vulnerability assessments, penetration testing, and reporting activities. Your main goal is to strengthen cybersecurity capabilities and incident response procedures to ensure they align with company standards and industry best practices. In this role, you will be tasked with protecting the organization’s information systems and data assets. You will play a vital role in implementing and sustaining security measures that defend against cyber threats, safeguarding the confidentiality, integrity, and availability of these systems. This is a contract-to-hire opportunity with one of Verinext's clients. The position requires five days/week onsite and must be open to on-call responsibility every 5-6 weeks.

Requirements

Possession of industry-recognized certifications such as CISSP, CISM, or CISA.
Familiarity with threat and vulnerability analysis, penetration testing, as well as red team and blue team exercises.
Strong communication skills and the ability to work effectively within a team.
Quick learning capability with adaptability to new technologies and methodologies.
Exceptional attention to detail and a commitment to accuracy in work.
A cooperative attitude and readiness to collaborate with colleagues to achieve common objectives.
Demonstrated experience as an Information Security Engineer or in a similar position.
Comprehensive knowledge of information security principles and industry best practices.
Experience working with security technologies such as firewalls, IDS/IPS, antivirus solutions, and encryption methods.
Awareness of security frameworks and compliance standards, including ISO 27001, NIST, and GDPR.
Practical experience with various security tools and technologies.
Proven leadership experience in information security, encompassing 5 to 8 years of relevant work.
Deep understanding of banking and credit union operations, regulatory requirements, and financial procedures.
Extensive knowledge of cybersecurity technologies, tools, and best practices.
Outstanding communication and leadership abilities.
Capability to adapt in a fast-paced environment and make critical decisions under pressure.
Mandatory experience with cloud computing, network infrastructures, servers, operating systems, and PCs.
Availability for on-call duties outside regular business hours.
A Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field, complemented by relevant professional experience.

Nice To Haves

Experience with security considerations in artificial intelligence (AI) and machine learning (ML).
Familiarity with DevOps practices and security automation.
Experience developing and conducting security awareness training and education.
Skill in evaluating and managing cyber risks, working with recognized frameworks like the NIST Cybersecurity Framework, CIS Top 20, and NIST 800-series.
Knowledge of intrusion analysis methodologies such as the Cyber Kill Chain and Diamond Model.
Preferred experience with ATM and ITM network systems.
Strong problem-solving skills for complex analytical and project-related challenges.
Physical ability to lift boxes weighing up to 50 lbs.

Responsibilities

Lead cybersecurity initiatives, coordinating with internal teams and vendors to ensure continuous resilience testing.
Manage audits, evaluations, project planning, budgeting, and vendor coordination for cybersecurity efforts.
Stay updated on security threats, technologies, and best practices.
Security Policies: Develop and enforce policies, procedures, and controls to protect digital assets, systems, and applications.
Risk Management: Maintain the Risk Management Framework, conduct regular risk and vulnerability assessments, penetration testing, and manage business fraud investigations.
Incident Response: Proactively detect threats, handle security incidents, maintain response plans, and monitor security logs for timely action.
Incident Investigation and Forensics: Conduct thorough investigations with internal teams and vendors to improve security posture.
Regulatory Compliance: Ensure all cybersecurity activities meet regulatory and government standards.
Security Awareness: Develop and manage programs to educate employees and stakeholders on cybersecurity best practices.
Vendor Security: Assess and monitor third-party vendor security practices and RMF compliance.
Stakeholder Collaboration: Work with internal and external partners to ensure security standards and trade compliance, integrating security into system design.
Reporting: Provide regular cybersecurity status updates to executive management and maintain detailed documentation of activities and findings.