Principal Engineer III - Cyber Security

The Principal Engineer III reports within the office of the CISO organization directly to the Business Information Security Officer. The resource is responsible for ensuring that our operational designs, processes, procedures and technology are deployed in manner that meet cyber security standards and cyber resiliency goals in order to defend from and recover from cyber-attack. From within the BISO org. the resource will represent the CISO team during business project initiation, technology architecture, design and lifecycle management of the bank's technology and security infrastructure providing data security oversight, guidance, security consulting and compliance assessment functions. This position supports the banks Information Security and resiliency goals via the ownership of mandatory project security risk assessment processes. The position also works to ensure compliance to Swift, Fedline, FFIEC Security Handbooks, NIST CSF, GLBA and PCI requirements. This position requires a subject matter expert who will provide thought leadership and collaborate with various stakeholders across the WAB enterprise. Engage with business and IT project teams to enforce security standards, offer solutions to applicable security risks and ensure resiliency is built into new project or applications design, engineering, and implementations. Engage with the Information Technology Risk Committee to review and opine on requested exceptions and risk acceptance rationale. Actively drive security, data privacy, business continuity and disaster recovery resiliency goals in project and product deployments as part of project teams and Architectural Standard Board. Provide oversight, review and approval of technology readiness checklist as a member of the Technical Review Board. Drive technical discussions, review and approve control evidence during the CRI Cybersecurity assessment process. Work within the CISO team as technical expert during risk control inventory and risk control self-assessment and control testing. Perform annual Swift and Fedline self-assessment and attestation processes according to industry requirements. Coordinate with SRC compliance to respond to external partner/investor security inquiries. Maintain the mapping of threat and control relationships within MITRE Attack framework. Contributes to the continual development and supports of information security policies and standards. Supports organizations requirements for evidence and control testing during internal and external audit and Federal Reserve examinations. Supports team in the management of security measures and controls over existing operating systems including configuration management, and CIS Standards. Contribute to the development and refinement of key risk indicators and metrics to measure the effectiveness of the cyber security program.