Information Security Policy Manager

About The Position

Requirements

• 7+ years of experience in information / cyber security experience, including 3+ years developing and managing information security policies in a regulated industry (preferably financial services) and 3+ years hands-on, technical cybersecurity roles.
• Fluent understanding of regulatory requirements affecting cybersecurity, including DORA, SEC, FFIEC, and common regulations issued in Europe (EBA) and APAC (SFC, MAS).
• Working familiarity with common security frameworks, including NIST CSF and ISO 27001/27002.
• Prior experience as owner of policies or technical standards documentation.
• Experience as lead responder to regulatory examinations, audit requests, and client due diligence questionnaires related to policy and compliance.
• Proven ability to write clear, actionable policies addressing complex regulatory and technical requirements, grounded in industry accepted practices and risk management concepts, and based on existing controls and technology environments
• Experience building cross functional consensus as an individual contributor
• Bachelor’s degree in Information Security, Computer Science, Information Technology or a related field, or equivalent experience
• Strong critical thinking, analytical, organizational, time management, and writing and editing skills – all with attention to detail.
• Track record of building bridges with technology practitioners and translating complex technical concepts into simple, accessible language for business audiences.
• A self-motivated, open, collaborative, client-centric, consensus-building problem-solving mentality
• Ability to exercise good judgment when solving problems with incomplete information

Nice To Haves

• Experience working with GRC (Governance, Risk, and Compliance) tooling a plus.
• CISM certification a plus.

Responsibilities

• Maintain and extend IBKR’s information security policy library to align with regulatory requirements, business risk appetite, industry-accepted risk frameworks, and IBKR’s control environment.
• Coordinate and drive the development, review, and update of information security policies and standards based on identified need and defined maintenance intervals.
• Map IBKR’s security policies to, and analyze gaps against, applicable risk and regulatory frameworks and laws, such as DORA, FFIEC, NIST CSF.
• Support security-related external assessments, audits, and regulatory examinations by providing evidence of compliance.
• Partner with the Information Security Controls Manager to ensure policies are supported by appropriate controls and testing procedures.
• Evaluate security controls, identify opportunities for improvement, and communicate constructive recommendations.
• Other duties, as assigned

Benefits

• Competitive salary, annual performance-based bonus and stock grant
• Retirement plan 401(k) with competitive company match
• Excellent health and wellness benefits, including medical, dental, and vision benefits. Company paid medical healthcare premium.
• Wellness screenings and assessments, health coaches and counseling services through an Employee Assistance Program (EAP)
• Daily company lunch allowance provided and a fully stocked kitchen with healthy options for breakfast and snack
• Corporate events including team outings, dinners, volunteer activities and company sports teams
• Education reimbursement and learning opportunities