Deputy CISO

Valley National Bancorp, New York, NY

About The Position

The Deputy Chief Information Security Officer (Deputy CISO) plays a critical role in supporting the Chief Information Security Officer (CISO) by ensuring that the organization's information security strategy aligns with its priorities. This position involves directing the implementation and monitoring of information security solutions, standards, and policies, while also bridging the gap between business, information security, and technology. The Deputy CISO is responsible for developing and maintaining the information security strategy, assessing security risks, and ensuring compliance with relevant laws and regulations.

Requirements

  • At least 8 years of professional experience in running an information security function, including defining information security strategy and analyzing and applying information security risk, risk management, and privacy practices, preferably in the financial or banking industry.
  • At least 8 years of relevant work experience, including consulting and general industry experience.
  • Demonstrated proficiency in areas such as information policy formulation, information security management, business risk management, IT risk assessment and management, IT continuity management, IT governance formulation, organizational change management, IT financial management, and IT audit.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework.
  • Extensive experience in strategic planning, budgeting, and allocation.
  • Experience successfully executing programs that meet the objectives of excellence in a dynamic business environment.
  • Experience with contract and vendor negotiations.
  • Up-to-date knowledge of methodologies and trends in information security, risk management, cybersecurity technologies, as well as business and IT.
  • A bachelor's degree in a computer-related field or equivalent work experience. Master’s degree preferred.

Nice To Haves

  • ISACA or GIAC certifications
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

Responsibilities

  • Work with the CISO to develop and implement an information security strategy that aligns with organizational priorities.
  • Oversee the implementation and execution of security standards and policies.
  • Develop operational-level roadmaps and execute improvement plans for underperforming security areas.
  • Maintain security policy review processes and ensure compliance with laws, regulations, and regulatory guidance.
  • Support compliance improvements by furnishing information relevant for audit activities and directing compliance issues to appropriate resources.
  • Define local-level KPIs and collect and report necessary metrics to CISO and executive management.
  • Communicate identified threat information to Division BISO and Enterprise levels.
  • Support implementation and execution of the security control framework.
  • Provide direct oversight for a team of Business Information Security Officers aligned to key business areas.
  • Determine information security approach and operating model in consultation with key stakeholders.
  • Work effectively with business units to facilitate information security risk assessment and risk management processes.
  • Create necessary internal networks to ensure alignment as required.
  • Build out appropriate business engagement model and support functions.
  • Ensure security is embedded in the project delivery process.
  • Liaise with the enterprise architecture team to build alignment between the security and enterprise architectures.
  • Create and manage a unified, flexible, risk-based control framework to integrate and normalize the wide variety of ever-changing requirements.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards, and guidelines.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection of information assets.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program.
  • Build and nurture external networks to address common trends, findings, incidents, and cybersecurity risks.
  • Liaise with external agencies to ensure the organization maintains a strong security posture.
  • Participate in leading industry forums and consortiums to represent business interests and set standards/practices.

Benefits

  • Competitive salary ranging from $186,000 to $341,200 annually.
  • Equal Opportunity / Affirmative Action Employer policies ensuring a diverse workplace.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Industry: Credit Intermediation and Related Activities
  • Education Level: Bachelor's degree

© 2024 Teal Labs, Inc