Cybersecurity Governance Manager

About The Position

Requirements

• Minimum 5-7 years progressive experience in cybersecurity governance, risk management, or compliance within financial services with a deep understanding of the IT systems.
• Bachelor’s degree in Cybersecurity, Information Security, Risk Management or a related field
• Working knowledge of Cybersecurity risk management frameworks, Governance, Risk, and Compliance process, IT general controls (e.g. asset classification, risk assessments, vulnerability and threat analysis, risk treatment, audit controls and remediation, vendor risk management, and IT risk management & reporting).
• Working knowledge of Information Security & Risk Frameworks including ISO 27001/2, ISO 31000:2009, ISO 27005:2008; NIST Special Publications and Methodologies (e.g. SP800-12, 30, 37, 39, 53,150, 161).
• Working knowledge of California Consumer Privacy Act (CCPA), Gramm-Leach-Bliley Act (GLBA), NYDFS Cybersecurity Regulation, PCI-DSS, FFIEC, SOX, and other relevant laws and regulations.
• Basic understanding of financial regulatory frameworks and cybersecurity best practices.
• Ability to communicate complex security concepts to business leaders and technical teams.

Nice To Haves

• Master’s degree a plus.
• Certifications such as CISSP, CISM, CRISC, CGEIT, CISA, and ITIL are highly desirable.

Responsibilities

• Manage, maintain and enforce security policies, standards and guidelines related to Cybersecurity governance processes.
• Develop, implement, maintain and execute a Cybersecurity Risk Register, Policy Risk Exception Process, and Procedures.
• Conduct risk assessments and impact analyses to identify risks, manage remediations, to ensure compliance across business systems, IT Infrastructure, and network operating environments.
• Perform Global Integrated Security Framework (GSIF) assessments, monitor and ensure remediations are following GSIF ISO 27001 standards across cross-functional departments.
• Collaborate with Cybersecurity Risk Management, Cybersecurity Engineering Operations, and IT to ensure security best practices are integrated within each project and system deployment.
• Develop metrics and reporting for senior management and stakeholders that identify security risks and provide actionable insights to address gaps.
• Develop and maintain the governance mechanisms and automation tools track the Risk Register, and compliance status across the organization.
• Develop and maintain dashboards and regular reporting to manage management performance metrics, risk metrics.

Benefits

• Medical, Dental and Vision plans that include no-cost and low-cost plan options
• Immediate 401(k) matching and vesting
• Vehicle purchase and lease discounts plus monthly vehicle allowances
• Paid Volunteer Time Off with company donation to a charity of your choice
• Tuition reimbursement