AVP, Information Security Officer

Description

• Develops and maintains comprehensive information security policies, standards, and guidelines.
• Ensures policies are aligned with industry best practices and regulatory requirements.
• Conducts regular risk assessments to identify vulnerabilities and threats.
• In collaboration with Information Security and Infrastructure, develops and ensures implementation of risk mitigation strategies to protect information assets.
• Establishes and leads an incident response team to address security breaches and incidents.
• Investigates security incidents, document findings, and ensures implementation of corrective actions.
• Develops and delivers security awareness training programs for employees.
• Promotes a culture of security awareness across the organization.
• Ensures compliance with relevant legal, regulatory, and contractual requirements.
• Coordinates and supports internal and external security audits and assessments.
• Regularly reviews security logs and reports to identify and address potential issues.
• Collaborates with IT and other departments to ensure integration of security measures into all operations.
• Communicates security policies, procedures, and incidents to senior management.
• Ensures that security technologies are appropriately implemented and managed.
• Assesses and ensures risks associated with third-party vendors and partners are appropriately managed.
• Ensures due diligence and security assessments of third-party providers are conducted.
• Monitors and reports on third-party compliance with security requirements.
• Provides regular updates on the organization's security posture to management and the Board of Directors.
• Works closely with the internal audit team to ensure alignment of security practices with audit requirements. Provides necessary information and implements recommended improvements.

• Has a well-rounded understanding of security programs and protocols and technical knowledge of computer systems and data protection.
• Analytical and decision-making skills to pinpoint the best technologies to determine which strategies can prevent or resolve security breaches.
• Leadership and communication are used to motivate and relegate workers' responsibilities, as well as to explain ideas and strategies to leadership.
• Ability to partner with IT and information security department’s team and personnel.
• Ability to assess security plans for existing vulnerabilities, prioritize security strategies to cover strategically important data best, analyze reports generated by their threat monitoring systems, and anticipate potential issues.
• Knowledge of the types and impact of internal and external drivers (e.g., technology, business environment, risk tolerance) that may affect organizations and information security.
• Demonstrated knowledge of regulatory requirements for financial service organizations and their potential business impact from an information security standpoint.
• Knowledge of risk assessment and analysis methodologies (including measurability, repeatability, and documentation).
• Able to analyze the effectiveness of information security controls and countermeasures.
• Demonstrated ability to interpret and implement information security policies.
• Understanding of the methods and approaches to providing continuous monitoring of security activities in the enterprise’s infrastructure and business applications.
• Ability to manage incidents and post-incident activities, as well as investigative methods to identify causes and determine corrective actions.

• Reports directly to the SVP, General Counsel.

• Bachelor's degree and a minimum of 8 years of related experience; or a Master's degree and 6 years of experience; or equivalent related professional experience.
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), National Institute of Standards and Technology Cyber Security Framework (NIST CSF), and NIST 800-53.
• Experience with risk assessment, incident response, security compliance, and TPRM.
• One or more of the following certifications:
• Certified Information Systems Security Professional (CISSP)
• CISA – Certified Information Systems Auditor (CISA)
• CISM – Certified Information Security Manager (CISM)
• Experience working with legal, audit, and compliance staff.