Chief Information Security Officer

redShift•Schoharie, NY

16h•Onsite

About The Position

Our respected financial client in the Capital Region is seeking an experienced Chief Information Security Officer (CISO) / IT Manager to lead its information security program, technology operations, cybersecurity initiatives, regulatory compliance efforts, and business continuity planning. This is a highly visible leadership position responsible for safeguarding critical information systems, ensuring compliance with regulatory requirements, and supporting the organization's long-term technology strategy. The successful candidate will serve as a trusted advisor to executive leadership and the Board while overseeing the organization's cybersecurity posture and IT governance framework. The CISO / IT Manager will oversee the development, implementation, and ongoing management of the organization's information security and technology programs. This role is responsible for coordinating security efforts across departments, managing cybersecurity risks, supporting regulatory examinations, overseeing disaster recovery planning, and ensuring that technology infrastructure remains secure, reliable, and compliant. This position combines strategic leadership, risk management, regulatory compliance, and hands-on technology oversight.

Requirements

Experience leading information security, cybersecurity, or IT operations programs
Strong knowledge of: Cybersecurity frameworks, Risk assessments, Regulatory compliance, Incident response, Business continuity planning
Experience working within regulated industries, particularly financial services, highly preferred
Experience managing audits, examinations, and compliance initiatives
Information security governance and policy development
Risk management frameworks (NIST, COBIT, FFIEC, GLBA)
Network security technologies
Access control and identity management
Disaster recovery and business continuity planning
Security awareness training and compliance programs
Windows-based environments and enterprise infrastructure
Strong communication and presentation skills
Ability to work directly with executive leadership and boards of directors
Strong project management and organizational abilities
Ability to balance strategic planning with operational execution
Excellent analytical and problem-solving skills

Responsibilities

Lead and manage the organization's Information Security Program
Develop, implement, and maintain information security policies, procedures, and standards
Serve as the organization's primary information security advisor
Evaluate emerging cybersecurity threats and recommend appropriate safeguards
Coordinate information security initiatives across all business units
Provide regular updates and reporting to executive leadership and the Board of Directors
Conduct annual information security risk assessments
Evaluate cybersecurity risks and implement mitigation strategies
Monitor access controls and user permissions across systems
Oversee vulnerability management, security monitoring, and remediation efforts
Review firewall reports, antivirus reporting, network scans, and software update compliance
Ensure appropriate security controls are maintained throughout the organization
Manage compliance with: NYS Department of Financial Services (NYDFS) Cybersecurity Regulations, FFIEC Cybersecurity Assessment requirements, GLBA Information Security requirements, NIST and COBIT cybersecurity frameworks, PCI compliance standards
Coordinate internal and external cybersecurity audits
Prepare for and support regulatory examinations and assessments
Monitor evolving regulatory requirements and implement necessary changes
Develop and oversee cybersecurity awareness programs
Provide security training for employees and leadership
Deliver cybersecurity education and awareness initiatives
Ensure users understand security policies and best practices
Develop and maintain incident response plans and procedures
Coordinate investigation and response efforts related to security incidents
Serve as a key member of incident response and emergency management teams
Review security events and oversee corrective actions
Coordinate response activities with internal stakeholders and external partners
Lead organization-wide disaster recovery and business continuity planning
Coordinate testing and validation of critical technology systems
Ensure recovery plans remain current and effective
Oversee testing of critical infrastructure, applications, and vendor recovery capabilities
Support pandemic planning and operational continuity initiatives
Conduct vendor due diligence and cybersecurity reviews
Review SOC reports, SSAE reports, and other third-party security assessments
Evaluate cybersecurity insurance coverage and risk management practices
Monitor vendor performance and compliance requirements
Participate in technology planning and long-term strategic initiatives
Manage technology-related contracts and vendor relationships
Oversee hardware and software inventory management
Maintain software licensing and technology asset records
Support budgeting and technology investment decisions
Provide backup support for IT infrastructure and end-user support functions as needed
Assist with troubleshooting involving: Active Directory, Firewalls, Network infrastructure, Windows environments, Core business systems, Workstations and end-user technologies