Vice President, Information Security

About The Position

Requirements

• Bachelor's degree in information technology (or related field) with minimum of 6-10 years’ experience
• Possess strong knowledge of various technologies and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
• Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP) strongly desired.
• Practical experience with identifying, analyzing, and communicating cyber threat and vulnerability information.
• Hold key Cybersecurity Certifications, Security+, CISSP, CEH, SANS etc
• Experience working with cloud technology (Azure, GCP, AWS.)
• Strong working knowledge of vulnerability management toolsets (Qualys, Wiz.io, Xray Jfrog etc.)
• Strong working knowledge of operational baselines hardening
• Knowledge of sound, industry-accepted server software support practices and methodologies
• Familiar with International Standards, NIST Special Publications and Cyber Security Frameworks
• Experience with assessing vulnerability management programs
• Familiarity with General IT infrastructure and enterprise architecture (e.g., Server, Network, Workstation, Cloud, etc.)
• Familiarization with patching processes and related technologies (e.g. BladeLogic, SCCM)
• Familiarity with enterprise risk management and how cyber threats and vulnerabilities integrate into ERM efforts
• Background and knowledge of general cyber security concepts (e.g. defense-in-depth security architectures, security controls)
• Exemplary verbal and written communication skills (English business fluent spoken and written)
• Demonstrated ability to think strategically and perform detailed, complex analysis and data interpretation
• Effective interpersonal skills, out-of-the-box thinking and ability to interface with all levels of staff
• Ability to work under pressure and deal with ambiguous situations
• Ability to read and write scripts in various languages. (php, python, ksh, powershell, SQL, and similar)
• Experience and proficiency in a various toolsets and best practices.
• Self-motivated and able to work in an independent manner.

Responsibilities

• Serve as vulnerability management analyst for information systems as primary responsibility
• Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
• Conduct risk-based assessment on security vulnerabilities and determine impact to various IT infrastructures.
• Prioritize risks and drive remediation by outlining and providing advice and solutions to technology owners on effective security controls and counter measures.
• Prioritize remediation activities based upon the results of the Enterprise-wide scanning program, Intel Threat advisories, or internal/external audits.
• Engage with stakeholders, to include IT professionals, management, and auditors, to facilitate vulnerability discovery and remediation.
• Communicate security and compliance issues in an effective and appropriate manner
• Recommend appropriate remedial actions to mitigate risks and ensure information systems employ appropriate level of information security controls
• Validate remedial actions and ensure compliance with information security policy and regulatory requirements.
• Stay abreast on new security vulnerabilities and latest advancements in configuration compliance assessments from internal or external threat intelligence sources.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
• Conducts adhoc vulnerability scans if needed and coordinates remediation with appropriate support teams.
• Collaborate with our IT Stakeholders and LOB application owners.

Benefits

• BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy.
• We provide access to flexible global resources and tools for your life’s journey.
• Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.