Chief Information Security Office-Strategy, Programs & GRC AVP

About The Position

Requirements

• Bachelor’s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
• Minimum 5 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, or other relevant functions
• Minimum 3 years of experience in d eveloping and executing IT/IS Risk programs, projects, and policies
• Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks
• Strong program, frameworks, project management development, implementation, and maintenance skills
• Sound and practical IT/IS risk management and program knowledge
• Familiarity with IT/IS Risk Management regulations, standards, and frameworks including NIST, ISO27002, FFIEC Guidelines, etc.

Nice To Haves

• CISSP/CRISC/ or IT related certifications preferred

Responsibilities

• Establish and maintain Information Security policies and procedures
• Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines
• Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance
• Develop, monitor, and track CISO policy adherence measures and metrics
• Coordinate Information Security strategy in alignment with the Bank's strategy
• Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives
• Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue. Adjust strategy as necessary
• Provide end-to-end project management function for all CISO led projects
• Manage all CISO programs, including but not limited to: Information Security Program & Training & Culture Program
• Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR
• Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications
• Develop and execute an TISR annual work plan of risk identification, assessment, and control evaluation and testing activities
• Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains.
• Catalog and oversee remediation of TISR issues include those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing
• Prepare and submit Audit Requests for evidence
• Anticipate audit requests and prepare comprehensive approach to for CISO policy and standards and associated implementation
• Prepare response evidence for IT/IS related regulatory exams
• Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations
• Evaluate and provide evidence of compliance for BOCNY Branch Liaison with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements
• Manage all metrics and reporting for CISO