14 Apr
Risk Management : Security Consultant-2LOD
Vacancy expired!
- Develop and manage the Information Security awareness program, which includes:
  - Development of a Role/Function-Specific training program for high-risk employees;
  - Management of the existing platform-wide annual training and attestations;
  - Delivery of weekly Information Security awareness sessions for new joiners;
  - Design and co-ordination of platform-wide phishing campaigns and targeted spear phishing campaigns.
- Enhance Information Security policies and related documentation for the US platform.
  - Review local policies to ensure appropriate quality, ownership, coverage and implementation are achieved;
  - Develop Policy and Procedure documentation to address identified gaps in the existing policy framework;
  - Align Information Security documentation with NIST industry standard.
- Risk Management and 2LoD control performance
  - Performance of quarterly and annual Information Security controls to ensure appropriate oversight of 1LoD;
  - Documenting control performance in GRC tool;
  - Co-ordination of vulnerability tracking and remediation activities for Information Security risk;
  - Scheduling of workshops to complete risk assessments of new technologies.
- Committees and Administration
  - Development of PowerPoint slides to be presented at quarterly committees.
  - Co-ordination of evidence gathering required for internal and external audits and inspections.
- BA/BS in Information Security or IT related subjects.
- At least 4 years of experience in Technology Risk or Information Security with at least 2 years in 2LoD.
- Experience developing and managing information security awareness programs and policy frameworks.
- Prior exposure to industry frameworks (e.g. NIST, COBIT, FFIEC) and regulations (NY DFS500, EBA/GL/2019/04, NFA) would be useful but not essential.