US Information Security Director of Regulatory and Controls

About The Position

Requirements

• Experience at a financial institution of similar scope and scale with direct experience working with regulators and regulatory compliance programs.
• Advanced knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks.
• Experience developing and implementing strategic team goals.
• Experience coaching employees and inspiring successful team performance.
• Strong critical thinking skills.

Nice To Haves

• Caring and accountable leadership.
• Attention to detail.
• Ability to bring real self to work and live values of trust, teamwork, and accountability.

Responsibilities

• Monitor relevant laws, regulations and standards to ensure organization's security practices align with regulatory requirements.
• Own regulatory compliance programs such as NY-DFS, GLBA and FFIEC assessments.
• Serve as primary point of contact for regulatory bodies during audits.
• Creation of materials for and participation in regulatory exams and quarterly briefings to regulators as required.
• Develop responses and drive resolution of Issues, Deficiencies, Matters Requiring Attention (MRAs), and Supervisory Recommendations (SR's) assigned to US Region Information Security.
• Work closely with US TI&I Risk & Controls Team, Regulatory Affairs, Operational Risk Management (ORM) and Internal Audit as required.
• Assist with creation of materials for Annual Cyber Security Board Review and Quarterly Board Risk Committee Meetings.
• Creation of materials for various reporting committees and forums, including weekly status reports, business unit reviews and horizontal reviews.
• Conduct Risk and Control Self-Assessment (RCSA) for Information Security and provide input into RCSA for all other lines of business.
• Mapping of controls to industry frameworks (e.g. NIST, PCI, MITRE).
• Work closely with controls testing teams.
• Drive remediation of ineffective controls owned by the US and provide oversight of control effectiveness for enterprise controls impacting the US.
• Act as secretary for the Cyber Security Controls Oversight Council.
• Recruiting and hiring of Information Security professionals to support target operating model changes.
• Provides ongoing advice and direction on a variety of complex conceptual or interpretative issues.
• Establishing and leveraging peers relationships within the US Region and Parent bank organizations.
• Foster relationships with middle to senior management, and senior executives across a range of functions including Risk Management and Technology.

Benefits

• Medical, Dental, Vision, Health Savings Account, Life Insurance, Disability, and Other Insurance Plans.
• Paid Time Off (including Sick Leave, Parental Leave and Vacation).
• Holidays and 401(k).
• Competitive salary and incentive pay.
• Banking benefits.
• Wellbeing support.
• MomentMakers, our social, points-based recognition program.
• Paid day off dedicated for personal growth and development.