Lead IT Risk & Control

About The Position

Requirements

• Bachelor's Degree or equivalent
• Minimum of 12 years experience in Information/Cyber Security field
• Minimum of 7 years experience in cyber security operations, incident response, IT risk management or investigation
• Minimum 3 years’ experience managing or coordinating resources such as people or projects
• Demonstrated experience analyzing complex cyber security data sets within subject area specialty
• Demonstrated knowledge of cyber security landscape -- threats, trends, technologies
• Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
• Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.
• Strong commitment to working as a team and providing excellent customer service.
• Exposure to banking or equivalent highly controlled technology environment is preferred

Nice To Haves

• Masters' degree in business, computer science or related field preferred
• Security certifications (CISSP, GSEC, etc.) are highly desired.
• Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
• Experience in banking/financial industry is strongly preferred
• Formalized training in cyber security analysis or assessment techniques

Responsibilities

• Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
• Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
• Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
• Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
• Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
• Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
• Participate in other security support projects and duties as needed or requested

Benefits

• Comprehensive healthcare coverage, including Medical, Dental and Vision plans, available the first of the month following start date
• Generous 401(k) company matching contribution
• Career Development through Tuition Reimbursement and other internal upskilling and training resources
• Valued Time Away benefits including vacation, sick and volunteer time
• Specialized health and family planning benefits including fertility benefits, and cancer, diabetes and musculoskeletal support programs
• Career Mobility support from a dedicated recruitment team
• Colleague Resource Groups to support networking and community engagement